Fw: [Dhis2-devs] Decentralization of user management

It is important to decentralise user management as we promote data use at point of collection as well as increase people’s participation from the district level… this will also enhance the data ownership and encourage use.






TEL: +254 (020) 2717077 EXT 45097

CELL: +254 (0) 722375633 or 0202033363

EMAIL: wanjala2p@yahoo.com


From: Friedman, Roger (CDC/CGH/DGHA) (CTR)

Sent: Saturday, June 11, 2011 04:40 PM

To: ‘wanjala2p@yahoo.com’ wanjala2p@yahoo.com

Subject: Re: [Dhis2-users] [Dhis2-devs] Decentralization of user management

We face the same issue in Ghana, but decided to have a region/district system administrator certification program. For this reason, we think a permission is in order. Our existing system has data quality problems in part because of district and facility system administrators not having a goood understanding of the system, our rollout plan does not have time or money to train everyone we would like, and our DB is centralized so the damage which can be caused by a system administrator is great.

From: wanjala pepela [mailto:wanjala2p@yahoo.com]

Sent: Saturday, June 11, 2011 10:07 AM

To: Lars Helge Øverland larshelge@gmail.com; dhis2-users@lists.launchpad.net dhis2-users@lists.launchpad.net; DHIS 2 developers dhis2-devs@lists.launchpad.net; jason.p.pickering@gmail.com jason.p.pickering@gmail.com

Subject: Re: [Dhis2-users] [Dhis2-devs] Decentralization of user management


— On Sat, 6/11/11, jason.p.pickering@gmail.com jason.p.pickering@gmail.com wrote:

From: jason.p.pickering@gmail.com jason.p.pickering@gmail.com

Subject: Re: [Dhis2-devs] Decentralization of user management

To: “Lars Helge Øverland” larshelge@gmail.com, dhis2-users@lists.launchpad.net, “DHIS 2 developers” dhis2-devs@lists.launchpad.net

Date: Saturday, June 11, 2011, 5:39 AM

Is this a default behaviour or something which can be controlled.through a setting? I guess my question is more about whether there is a separate “GRANT” setting which can be assigned to users to give them this privilege?

Sent from my HTC

----- Reply message -----

From: “Lars Helge Øverland” larshelge@gmail.com

Date: Sat, Jun 11, 2011 10:24

Subject: [Dhis2-devs] Decentralization of user management

To: dhis2-users@lists.launchpad.net, “DHIS 2 developers” dhis2-devs@lists.launchpad.net


one learning from Kenya is that “local concerns” such as assignment of

services (datasets) and classification (group assignment) of facilities

should be decentralized to district managers as they can perform this task

more efficiently and with a better understanding of their local area.

We now increasingly see that facility users start entering data online

themselves and decentralizing management of facility user accounts would be

a good idea. This comes with a few challenges however as we want to provide

them the ability only to create users with “less” authority than what they

have themselves. We have now implemented a solution for this in trunk which

implies that a user can issue a user role to a new user if:

  • The current user has the ALL authority OR the issued user role authority

group is a subset of the aggregated authorities of the current user (i.e.

the current user has all of the authorities he wants to issue to another


  • The issued user role is NOT among the current user’s user roles (i.e. the

current user can not issue his own user roles to another user.)

The latter rule is there e.g. because we don’t want districts users to

create new district users, rather to create facility users only.

This solution means that it is now sensible to allow district and province

users access to the user module. Just to keep you informed…


-----Inline Attachment Follows-----

Mailing list: https://launchpad.net/~dhis2-devs

Post to :

Unsubscribe : https://launchpad.net/~dhis2-devs

More help : https://help.launchpad.net/ListHelp