← Back to team overview

dhis2-users team mailing list archive

Re: User Authorities and Dashboards

 

Hi Georgi,

Just go to the category option in question, choose set "Public access" to
"None" and then add the appropriate user group.

>From here

https://play.dhis2.org/demo/dhis-web-maintenance/#/list/dataElementSection/categoryOption

choose "Sharing settings" and then set it as appropriate.





Again, depending on the complexity of your setup, you may need to script
this directly with the API.

Regards,
Jason

​

On Thu, May 4, 2017 at 2:14 PM, Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>
wrote:

> Hi Jason,
>
>
>
> Thanks again!
>
> Last question, I promise: How do you share only one category option with
> one user/group of users? I mean option, not the entire category combination.
>
>
>
> Regards,
>
>
>
> Georgi
>
>
>
> *From:* Jason Pickering [mailto:jason.p.pickering@xxxxxxxxx]
> *Sent:* Thursday, May 4, 2017 3:01 PM
> *To:* Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>
> *Cc:* Antonia - Pro <antonia@xxxxxxxxxxx>; dhis2-users@xxxxxxxxxxxxxxxxxxx;
> dhis2-devs@xxxxxxxxxxxxxxxxxxx
>
> *Subject:* Re: [Dhis2-users] User Authorities and Dashboards
>
>
>
> Hi Georgi,
>
> Good. You are on the  right track then.
>
>
>
> From the user management app, each investor needs to be restricted by the
> dimension you mentioned.
>
>
>
>
>
> Like from the demo site, you might decide to restrict a user to the
> "Funding agency" dimension.
>
>
>
> In order for you to obfuscate data from other users, the category option
> which is part of that dimension, should only be shared with a user group
> which the user actually belongs to and with no other users.
>
>
>
> The category option should have "Public access" set to none and should be
> shared with a group with at least "Can view" which the user also belongs
> to. This will allow the user to see these analytics values, but will not
> allow other users to see them.
>
>
>
> Even if you were able to restrict which pivots the users could see, savvy
> users could always use the API to extract data from the system, thus, it
> must be protected by proper configuration of sharing. With correct use of
> sharing between users and category options, you should be able to achieve
> this.
>
>
>
> Regards,
>
> Jason
>
>
>
>
>
>
> ​
>
>
>
> On Thu, May 4, 2017 at 1:52 PM, Georgi Chakarov <
> georgi@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Hi Jason,
>
>
>
> Thank you for your response!
>
>
>
> This is exactly how I have structured my data originally. I have organized
> each investor as an Attribute category options and have created Attribute
> option combos and assigned to selected data sets. Here are my questions:
>
> 1)      How do I share only one category option with one user?
>
> 2)      What do you mean by "Selected dimension restrictions for data
> analytics"? Unless I allow users to “See Pivot table module” they do not
> see the reports on the dashboard. And from within the Pivot they have
> access to other Attribute options (namely investors). I cannot assign
> authorities to only part of the Pivot table functions, regretfully.
>
>
>
> Regards,
>
>
>
> Georgi
>
>
>
>
>
>
>
> *From:* Dhis2-users [mailto:dhis2-users-bounces+georgi=
> logicaloutcomes.net@xxxxxxxxxxxxxxxxxxx] *On Behalf Of *Jason Pickering
> *Sent:* Thursday, May 4, 2017 2:15 PM
> *To:* Antonia - Pro <antonia@xxxxxxxxxxx>
> *Cc:* dhis2-users@xxxxxxxxxxxxxxxxxxx; dhis2-devs@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Dhis2-users] User Authorities and Dashboards
>
>
>
> Hi Georgi,
>
>
>
> To be most specific I think, you will need to use the "Attribute option
> combo" to control who can see what. This is basically a way to disaggregate
> data by a custom dimension, in this case, by an investor group. Its often
> used in situations where multiple partners are entering data for the same
> health facility, but you do not want one partner to be able to see another
> partners data.  Once you disaggregate your data set this way, you can then
> use sharing to control who can see what, by only sharing the category
> option which is applicable to a given user, with that user.  Each investor
> would need to be belong to a common group with "their" category option. You
> would then need to restrict users in their user role  with "Selected
> dimension restrictions for data analytics" as well.
>
> This type of setup can get complex quickly, but has been used in larger
> implementations (i.e with the PEPFAR system) , but usually only when the
> groups are properly designed and the creation of users is done in a
> scripted way, to ensure that all of the permissions are set correctly.
>
>
>
> Hope that helps!
>
>
>
> Jason
>
>
>
>
>
> On Thu, May 4, 2017 at 12:58 PM, Antonia - Pro <antonia@xxxxxxxxxxx>
> wrote:
>
> Exactly Morten.
>
> For Dashboards, sharing also works at user level after the last update
> 2.26, but reports (data, event visualizer and reports and pivot tables)
> only work at group level currently (on the demo server).
>
>
> [image: Image removed by sender.]
>
> *Eng. Antonia Bezenchek*
>
> CIO - ICT Engineer
>
> *InformaPRO S.r.l.* via Guido Guinizelli, 98/100, Roma 00152, Italy
>
>
>
> 2017-05-04 12:29 GMT+02:00 Morten Olav Hansen <morten@xxxxxxxxx>:
>
> Hm, I think maybe we support this only for the dashboards, so it might not
> help you (you can share dashboards directly to users, but reporting apps
> are not updated for that yet).
>
>
> --
>
> Morten Olav Hansen
>
> Senior Engineer, DHIS 2
>
> University of Oslo
>
> http://www.dhis2.org
>
>
>
> On Thu, May 4, 2017 at 5:28 PM, Antonia - Pro <antonia@xxxxxxxxxxx> wrote:
>
> Permissions for Dashboard and Favorites are managed at the group level, so
> if they are not groupable, you need to create a group for each user.
>
>
>
> Regards,
>
> Antonia
>
>
>
>
>
>
>
> 2017-05-04 9:47 GMT+02:00 Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>:
>
> Hi Alex,
>
>
>
> Thanks for the response!
>
>
>
> I have 150 investors and none of them should be able to see the reports of
> the other investors.
>
> Does this mean that I have to create 150 user groups with one investor
> each?
>
>
>
> Regards,
>
>
>
> Georgi
>
>
>
> *From:* Alex Tumwesigye [mailto:atumwesigye@xxxxxxxxx]
> *Sent:* Thursday, May 4, 2017 8:53 AM
> *To:* Georgi Chakarov <georgi@xxxxxxxxxxxxxxxxxxx>
> *Cc:* dhis2-devs@xxxxxxxxxxxxxxxxxxx; dhis2-users@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Dhis2-users] User Authorities and Dashboards
>
>
>
> Dear Georgi,
>
>
>
> The solution is Sharing and User Groups
>
>
>
> Implement the same sharing on each report/chart/gis map as you did on the
> dashboard.
>
> That is Set Public to *None *and then add the Investor User Group (which
> is has access) and set sharing to *View*
>
>
>
> *Alex*
>
>
>
> On Wed, May 3, 2017 at 7:27 PM, Georgi Chakarov <
> georgi@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello all,
>
>
>
> I have a big problem setting up the correct authorities so that users see
> what I need them to.
>
> In brief, I am reporting on financial data. I have a few investors for
> whom I have prepared personal dashboards with pivots on how much return
> they have earned. I DO NOT want investors to be able to see each other’s
> data.
>
>
>
> This is what I have done:
>
> 1)      User Authorities:
>
> -          See dashboards
>
> -          See browser cache
>
> -          See pivot table module
>
> *IMPORTANT:* If I remove the “See pivot table module” the users are not
> able to see the saved pivot tables on their dashboard! So I need this
> authority.
>
>
>
> 2)      Dashboards
>
> -          Created personal dashboard for each investor
>
> -          Shared the dashboard only with the respective investor
>
>
>
> Every investor is able to see only their dashboard. Here comes the *BIG
> PROBLEM: *When an investor clicks “Explore” pivot table from the
> dashboard it takes him to the Pivot table app. From there, they can go to
> Favorites and open a saved report for any of the other investors and see
> data.
>
>
>
> Two questions here:
>
> 1)      Is there a way for user to see pivots on a dashboard without
> necessarily having access to the Pivot reporting module?
>
> 2)      If not, is there a way to restrict user of opening reports saved
> as favorites in the Pivot reporting module?
>
>
>
>
>
> Your comments are highly appreciated!
>
> Georgi
>
>
>
>
>
>
>
>
>
>
> Georgi Chakarov, CIA | georgi@xxxxxxxxxxxxxxxxxxx | +1-647-478-5634 x 104
> <(647)%20478-5634> | LogicalOutcomes c/o Centre for Social Innovation,
> 720 Bathurst Street, Toronto Canada M5S 2R4 | *You may unsubscribe from
> receiving commercial electronic messages from LogicalOutcomes by emailing *
> *info@xxxxxxxxxxxxxxxxxxx* <info@xxxxxxxxxxxxxxxxxxx>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
> --
>
> Alex Tumwesigye
>
>
>
> Technical Advisor - DHIS2 (Consultant),
> Ministry of Health/AFENET  | HISP Uganda
>
> Kampala
>
> Uganda
> +256 774149 775, + 256 759 800161 <+256%20759%20800161>
>
> Skype ID: talexie
>
>
> IT Consultant (Servers, Networks and Security, Health Information Systems
> - DHIS2, Disease Outbreak & Surveillance Systems) & Solar Consultant
>
>
> "I don't want to be anything other than what I have been - one tree hill "
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
> --
>
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049 <076-414%2070%2049>
>
>
>
>
>
> --
>
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049 <+46764147049>
>



-- 
Jason P. Pickering
email: jason.p.pickering@xxxxxxxxx
tel:+46764147049

JPEG image

JPEG image

PNG image


Follow ups

References