[Bug 1474060] [NEW] Users able to delete dashboard items without authorization

Public bug reported:

Hello Devs,

Saw this occur on a production 2.18 machine by reading the logs,
Confirmed this on 2.19 using the SL demo site

Steps to recreate:
1. Create dashboard with administrator account
2. Set public as 'can view'
3. Add dashboard item, in my case it was a pivot table
4. Log in with user with the following rights:
- Add/Update Data Value
- Run validation
- See Browser Cache Cleaner module
- See Dashboard integration module
- See Data Entry module
- See Data Visualizer module
- See Event Visualizer module
- See GIS module
- See Pivot Table module
- See Report module
- See Validation Rule module
5. Navigate to dashboard created in Step 1, click remove on any dashboard item
- Note, it usually takes a page reload to reflect the results of this action, making it look like nothing happened until the refresh

You should find that the dashboard item(s) is no longer there.

Here is the relevant section of the log from the production 2.18 system:
* INFO 2015-07-10 18:59:16,625 '[redacted]' delete org.hisp.dhis.dashboard.DashboardItem, uid: ov1BR9Hxj0z (AuditLogUtil.java [http-bio-8080-exec-276])
* INFO 2015-07-10 18:59:16,638 '[redacted]' update denied org.hisp.dhis.dashboard.Dashboard, name: Principaux, uid: NYmDyNmCqG6 (AuditLogUtil.java [http-bio-8080-exec-276])

You'll notice the dashboard item was removed, but the subsequent step to
update the dashboard was denied. A user with proper authority will
cause the following entries:

* INFO 2015-07-12 17:18:28,794 'timharding' delete org.hisp.dhis.dashboard.DashboardItem, uid: P1XHv9Dxfsn (AuditLogUtil.java [http-bio-8080-exec-11])
* INFO 2015-07-12 17:18:28,803 'timharding' update org.hisp.dhis.dashboard.Dashboard, name: Baiap Health Centre, uid: T7WL4dirz1D (AuditLogUtil.java [http-bio-8080-exec-11])

We'd like it so that the users can see the dashboard but are unable to
edit the contents. Please let me know if you need any additional info to
sort this one out. Thanks!

** Affects: dhis2
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of DHIS 2
developers, which is subscribed to DHIS.
https://bugs.launchpad.net/bugs/1474060

To manage notifications about this bug go to:
https://bugs.launchpad.net/dhis2/+bug/1474060/+subscriptions
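
The log signature described in the report (a DashboardItem delete followed by an "update denied" on the parent Dashboard, from the same user and request thread) can be used to look back through audit logs for deletions that went through without authority. This is an added example, not part of the original thread or of DHIS 2 itself; pairing events by thread name and the one-second correlation window are assumptions, and the sample input is the four log lines quoted in the report.

```python
import re
from datetime import datetime, timedelta

ITEM = "org.hisp.dhis.dashboard.DashboardItem"
DASHBOARD = "org.hisp.dhis.dashboard.Dashboard"

# Shape of the AuditLogUtil lines quoted in the report.
LINE_RE = re.compile(
    r"INFO\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+"
    r"'(?P<user>[^']*)'\s+"
    r"(?P<action>[a-z]+(?: denied)?)\s+"
    r"(?P<cls>[\w.]+),\s+"
    r"(?:name: (?P<name>.*?),\s+)?"
    r"uid: (?P<uid>\w+)\s+"
    r"\(AuditLogUtil\.java \[(?P<thread>[^\]]+)\]\)"
)

# The four audit lines quoted in the report (first pair: unprivileged user,
# second pair: user with proper authority).
SAMPLE_LOG = """\
* INFO 2015-07-10 18:59:16,625 '[redacted]' delete org.hisp.dhis.dashboard.DashboardItem, uid: ov1BR9Hxj0z (AuditLogUtil.java [http-bio-8080-exec-276])
* INFO 2015-07-10 18:59:16,638 '[redacted]' update denied org.hisp.dhis.dashboard.Dashboard, name: Principaux, uid: NYmDyNmCqG6 (AuditLogUtil.java [http-bio-8080-exec-276])
* INFO 2015-07-12 17:18:28,794 'timharding' delete org.hisp.dhis.dashboard.DashboardItem, uid: P1XHv9Dxfsn (AuditLogUtil.java [http-bio-8080-exec-11])
* INFO 2015-07-12 17:18:28,803 'timharding' update org.hisp.dhis.dashboard.Dashboard, name: Baiap Health Centre, uid: T7WL4dirz1D (AuditLogUtil.java [http-bio-8080-exec-11])
"""


def parse_audit_line(line):
    """Return the fields of one audit line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return ev


def find_unauthorized_deletes(lines, window_ms=1000):
    """Flag item deletes whose follow-up dashboard update was denied.

    A delete is held as pending per (user, thread). The next Dashboard event
    on the same key resolves it: 'update' means the caller had write access,
    'update denied' within the window means the item was removed by someone
    who could not modify the dashboard it belonged to.
    """
    window = timedelta(milliseconds=window_ms)
    pending = {}
    findings = []
    for line in lines:
        ev = parse_audit_line(line)
        if ev is None:
            continue
        key = (ev["user"], ev["thread"])
        if ev["cls"] == ITEM and ev["action"] == "delete":
            pending[key] = ev
        elif ev["cls"] == DASHBOARD and key in pending:
            deleted = pending.pop(key)
            gap = ev["ts"] - deleted["ts"]
            if ev["action"] == "update denied" and timedelta(0) <= gap <= window:
                findings.append({
                    "user": ev["user"],
                    "when": deleted["ts"],
                    "item_uid": deleted["uid"],
                    "dashboard_uid": ev["uid"],
                    "dashboard_name": ev["name"],
                    "gap_ms": gap // timedelta(milliseconds=1),
                })
    return findings


if __name__ == "__main__":
    for f in find_unauthorized_deletes(SAMPLE_LOG.splitlines()):
        print("{when} user={user} removed item {item_uid} from dashboard "
              "{dashboard_uid} ({dashboard_name}) without update access".format(**f))
```

Each finding names a dashboard whose items should be compared against a backup, since the delete itself was not rolled back when the update was denied.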

Hi Harding,
That is right, this unusual behavior started in 2.18....
A bug was reported on this a while back.
See bug and progress here

https://bugs.launchpad.net/dhis2/+bug/1453569

………………………………………
Regards,
Dapo Adejumo
+2348033683677
Skype : dapojorge

-----Original Message-----
From: Dhis2-devs
[mailto:dhis2-devs-bounces+dapsyjorge=gmail.com@lists.launchpad.net] On
Behalf Of hardingt
Sent: 13 July, 2015 6:00 PM
To: dhis2-devs@lists.launchpad.net
Subject: [Dhis2-devs] [Bug 1474060] [NEW] Users able to delete dashboard
items without authorization

_______________________________________________
Mailing list: DHIS 2 developers in Launchpad
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : DHIS 2 developers in Launchpad
More help : ListHelp - Launchpad Help

Fixed in 2.19/trunk. It still allows moving around the items, but will
not save the new position.

We will disallow moving the items around in a future version.

** Changed in: dhis2
    Milestone: None => 2.20

** Changed in: dhis2
     Assignee: (unassigned) => Morten Olav Hansen (mortenoh)

** Changed in: dhis2
   Importance: Undecided => Medium

** Changed in: dhis2
       Status: New => Fix Committed

Awesome, thank you Morten!

Are there any chances this can be moved back to 2.18?

Timothy Harding
RPCV Vanuatu
Skype: hardingt@gmail.com
+1 (541) 632-6623

On Thu, Jul 16, 2015 at 12:58 AM, Morten Olav Hansen < 1474060@bugs.launchpad.net> wrote:

Fixed in 2.19/trunk. It still allows moving around the items, but will
not save the new position.

We will disallow moving the items around in a future version.

** Changed in: dhis2
    Milestone: None => 2.20

** Changed in: dhis2
     Assignee: (unassigned) => Morten Olav Hansen (mortenoh)

** Changed in: dhis2
   Importance: Undecided => Medium

** Changed in: dhis2
       Status: New => Fix Committed

This has now been backported to 2.18, please give it one hour to build
and push new WAR to dhis2.org

Awesome, thank you so much Morten!

Timothy Harding
RPCV Vanuatu
Skype: hardingt@gmail.com
+1 (541) 632-6623

On Thu, Jul 16, 2015 at 7:08 PM, Morten Olav Hansen < 1474060@bugs.launchpad.net> wrote:

This have now been backported to 2.18, please give it one hour to build
and push new WAR to dhis2.org
