in 2.29 we made a change to the access control solution. The user role link to data sets and programs have been replaced by two new levels in the sharing model for data capture and data view:
Data capture and data view sharing levels: The sharing solution has been extended with two new levels for “data capture” and “data view” access for users and user groups. These levels apply to programs, program stages, data sets and category options, and replaces the link between user roles and data sets/programs. This offers a simplified and more flexible access control solution.
Hello,
I have read the solution here but things are not working as expected, I am using DHIS2 ver 2.36.3, when I assign user/usergroup through “dataset sharing options” the form does not become available for data entry until I tick “Full Authority” under system (user roles) then the dataset becomes available for data entry. The fully authority seem to override all other settings in the system, that means this user can even delete other users while I want to give data entry authority.
Any suggestion on the work around for this will be appreciated.
Regards
Hey @Peter_Lubambi,
Please let me know if I understood your question right. You have a dataset that you want the user to use the Data Entry app to enter data? Why would you give this user Full Authority?
The normal procedure is that when creating the Data Set the OUs are assigned to the Data Set and then these OUs are assigned to the User. If all the user needs to do is data entry then all you need to do is assign the “Data Entry Clerk” role. You can check the role settings from play.dhis2.org.
Hi @Gassim ,
In short the new way of sharing dataset to user group is not giving the expected results. Below are the steps I have done but doesn’t allow this user to see dataset for data entry
Created a “Data entry clerk” user role with ability to add/update public Data value, to see Data entry App
Created a user and assigned “Data entry clerk” role, assigned the highest OU for capture and output
Created a “Data entry clerk” user group and assigned this user to this group
Created a dataset, Assigned it to "Test Hospital’, through dataset options, opened sharing settings - assigned “Data entry clerk group” ability to View only metadata and capture and view data
When I login as this user, I can not see the dataset from the list of dataset - under data entry but when I assigned this user a superuser role, I am able to see the data set for entry.
Any Ideas on what am I missing with the “Data entry clerk” role?
Hi @Peter_Lubambi,
Thank you for sharing all this, and the steps you are taking a correct - there’s no need to assign the superuser role for a dataentry user; it might be possible to get a better idea of the issue and why the user isn’t able to view the dataset by maybe checking the full HTTP request when the user tries to find the dataset. However, it is important to upgrade to latest patch version of 2.34 as you can see this is working in the latest instances in https://play.dhis2.org
Are you using 2.30 as a production instance? Any thoughts on upgrading? Thank you!