data level sharing and access control in 2.29

Hi all,

in 2.29 we introduced a significant change in the access control solution in DHIS 2.

In essence, two new levels within the sharing solution were introduced: Can capture data and Can view data. These levels apply to capturing data/events and viewing data/events in analytics, and complement the two existing levels so that we now have:

Metadata

···

Lars Helge Øverland

Technical lead, DHIS 2

University of Oslo

lars@dhis2.org

https://www.dhis2.org

Thank you Lars and the team for introducing this useful set of features and Nick for the excellent video demonstrations.


On Mon, Apr 16, 2018 at 2:22 PM, Lars Helge Øverland <lars@dhis2.org> wrote:

Hi all,

in 2.29 we introduced a significant change in the access control solution in DHIS 2.

In essence, two new levels within the sharing solution were introduced: Can capture data and Can view data. These levels apply to capturing data/events and viewing data/events in analytics, and complement the two existing levels so that we now have:

Metadata

  1. Can edit and view metadata
  2. Can view metadata

Data/events

  1. Can capture and view data
  2. Can view data

This means that you can now control who can capture data for data sets, programs and program stages through the sharing solution. Previous to 2.29 this was done through user roles, where data sets and programs were associated with user roles.

You can also control who can see data in analytics for programs and category options through the new “can view data” sharing level.

We have updated the sharing user documentation to reflect this:

https://docs.dhis2.org/master/en/user/html/sharing.html

We also have some excellent new videos which elaborate on this topic - look for “Data level sharing”:

https://www.dhis2.org/spotlight

The motivation behind this change in the access control model is:

  • It provides a single place to control access to DHIS 2 objects. The user role associations to data sets and programs have been removed and replaced by the mentioned sharing levels.
  • It opens for more flexibility in access control. Going forward we plan to introduce more fine-grained data level sharing and include support for entities like data elements and tracked entity attributes.
  • It allows better control over who can view data in analytics, in particular for program and tracker data.

The 2.29 upgrade script will create a user group per user role and share those groups with the appropriate data sets and programs. You can of course opt not to run this part of the script and instead do the upgrade manually.

https://github.com/dhis2/dhis2-utils/blob/master/resources/sql/upgrade-229.sql

best regards,

Lars

PS. thanks Nick Dutta for excellent videos.

Lars Helge Øverland

Technical lead, DHIS 2

University of Oslo

lars@dhis2.org

https://www.dhis2.org



Regards,
Pamod Amarakoon

MBBS (SL)

MSc (Biomedical Informatics), EMSc (Health Admin), PGCert (MedEd), CEH

HISP Sri Lanka
