dhis2-users team mailing list archive

[Lars Helge Øverland <larshelge@xxxxxxxxx>]

Hi Wilson,

to allow a user to grant his own user roles to other, you can go to
settings > access > and check "Allow users to grant own user roles".

The general rule is that users can only give user roles to others if they
themselves have all of the authorities in those roles. The purpose of this
is to allow for distributed user management, where users can create users
but only give them authorities which they have themselves.

The concept of allowing people to give out authorities they don't have
themselves is not secure anyway, since they could easily grant themselves a
new user account with those extra authorities.

regards,

Lars





On Thu, Oct 8, 2015 at 8:44 PM, Wilson Ramos <wilson.ramos@xxxxxxxxxxxxxxxxx
> wrote:

> Live Version:   2.20
> Build revision: 19682
> Build date:       2015-07-20 05:10
>
>
> Hello.
> We doing some testing using a DHIS LIVE system. We have define a new role
> that has all authorities except for "ALL". We then defined a user (e.g.
> User_Creator) and gave him this new role.  When this user tries to create a
> new user, he does not have access to all roles in the "Available Roles"
> box. To view all roles, this user must be given "All" authority, which we
> do not want him to have.  How do we allow access to more roles from which
> to choose when creating a user?  How is a user associated with the number
> of roles he can access?
>
> Thank you for any help.
>
> Wilson Ramos
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Lars Helge Øverland
Lead developer, DHIS 2
University of Oslo
Skype: larshelgeoverland
http://www.dhis2.org <https://www.dhis2.org>