Decentralization of user management

Hi,

one learning from Kenya is that “local concerns” such as assignment of services (datasets) and classification (group assignment) of facilities should be decentralized to district managers as they can perform this task more efficiently and with a better understanding of their local area.

We now increasingly see that facility users start entering data online themselves and decentralizing management of facility user accounts would be a good idea. This comes with a few challenges however as we want to provide them the ability only to create users with “less” authority than what they have themselves. We have now implemented a solution for this in trunk which implies that a user can issue a user role to a new user if:

  • The current user has the ALL authority OR the issued user role authority group is a subset of the aggregated authorities of the current user (i.e. the current user has all of the authorities he wants to issue to another user.)

  • The issued user role is NOT among the current user’s user roles (i.e. the current user can not issue his own user roles to another user.)

The latter rule is there e.g. because we don’t want districts users to create new district users, rather to create facility users only.

This solution means that it is now sensible to allow district and province users access to the user module. Just to keep you informed…

Lars

Thanks Lars for updating members on new development on user roles.

The assigning of finer right to various users is of paramount at this stage. This will go along way in improving security and even create ownership. The roles to various Coordinators like HIV, DDSR, RH, TB&L, HR, Financial officers will be able to see only what is related to their core activities. The role assign to Enter data will improve participation/ empowerment on the dataset or reports received from various Health facilities where technology is not available.

Lars, Clarification on:-

  • The current user can not issue his own user roles to another user and also amend/update the existing user meaning there will be communication facilitating the amendment of other users rights.

-Because we don’t want districts users to create new district users, rather to create facility users and coordinators of various programmes only.

Regards

···

2011/6/11 Lars Helge Øverland larshelge@gmail.com

Hi,

one learning from Kenya is that “local concerns” such as assignment of services (datasets) and classification (group assignment) of facilities should be decentralized to district managers as they can perform this task more efficiently and with a better understanding of their local area.

We now increasingly see that facility users start entering data online themselves and decentralizing management of facility user accounts would be a good idea. This comes with a few challenges however as we want to provide them the ability only to create users with “less” authority than what they have themselves. We have now implemented a solution for this in trunk which implies that a user can issue a user role to a new user if:

  • The current user has the ALL authority OR the issued user role authority group is a subset of the aggregated authorities of the current user (i.e. the current user has all of the authorities he wants to issue to another user.)
  • The issued user role is NOT among the current user’s user roles (i.e. the current user can not issue his own user roles to another user.)

The latter rule is there e.g. because we don’t want districts users to create new district users, rather to create facility users only.

This solution means that it is now sensible to allow district and province users access to the user module. Just to keep you informed…

Lars


Mailing list: https://launchpad.net/~dhis2-devs

Post to : dhis2-devs@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp


Samuel Cheburet
Ministry Of Health
P.O. Box 20781
Nairobi, Kenya
Mobile- 0721624338

Don’t Compromise The Quality! Don’t Risk It! apply Available Standards to Achieve Your/organizational Goal.