I’ve been exploring ways to prevent unauthorized modifications of capture data. The add/create access to the another user/organization. This would like to use the following conditions in DHIS2 programs via the program rules
Scenario:
Organization A creates an enrollment and event.
Organization B adds a new event to the same enrollment.
The goal is to prevent Organization B from updating or modifying the events created by Organization A and vice versa
if (event_owner == current_user) if (enrollment_owner == current_user)``if (event_organization or enrollment_owner == current_organization)
I’ve checked the following resources but could not find a solution:
I think this may be two workarounds to your problem you can try
Program Config and User Role Add Event Expiry days to the program stage. Completes the event after X days, after which time it can no longer be edited unless a user Un-Completes the event.
You can also Block entry Form exactly after completing (no waiting time)
Remove Uncomplete events permission from the data entry user role - this would mean a user in org unit B cannot uncomplete an event that was completed in org unit A.
Program Rules
The V{orgunit_code} program rule variable is the OU code that is “linked to” the current enrollment. I am not sure what exact OU this is, but from forums it seems that this is the current OU of data capture.
But in theory you could create one PR of priority 1 that assigns the V{orgunit_code} to a data element called “initial OU”, on the condition that that data element does not have a value.
and then a second PR of priority 2, which states that if V{orgunit_code} != data element value, show error. Thus, when a different Orgunit tries to access, it will show an error.
Finally, you may want to check out program permissions, which controls access at the level of enrollment, not the event.
I have not tested these myself, but hope they can approximate what youre looking for.
Thank you for your response! It has given me a clear idea of what to do next for this project
It feels great to hear from you, and I remember meeting you last year in Kathmandu, Nepal during the DHIS2 upgrade process.
I will implement the Program rules with expression V{orgunit_code} != data element value and restrict user to modification by shown error. This is the best solution for now
In my case, we are using this on the National Capture EHMIS, which has more than 40 program stages. A feasibility test must be conducted before implementation
