We’re deploying DHIS2 nationally in the Philippines and I am hitting some problems which you may help with:
We have this org unit structure - national -> regional -> provincial -> municipality/city. These org units will be encoded centrally.
My problem is assigning user accounts for the municipalities. Here is the approach I plan to take:
Create a national administrator. He creates on sub-admin per region. (n = 20 regions)
The regional sub-admins create provincial sub-admins. (n = 80 provinces)
The provincial sub-admins create the municipality end users (one per municipality). (n = 3100 municipalities)
Do you suggest a devolved system for user creation as above or just to manage this centrally?
I am expecting a lot of municipality end users forgetting their password. How should we manage this? (There is no “Forgot password” function in DHIS2 right now)…
we have actually seen this scenario in several places and we do have support for it. The principle in DHIS 2 is that when you create a new user, you can grant/assign a use role if your own user has all of the authorities in the user role. So:
You can create an implicit hierarchy like this through at least three user roles:
national admin
regional admin
provincial admin.
The important thing is that user roles must have all of the authorities of all user roles below themselves in the hierarchy. Seen the other way around, a user role should only have authorities which are assigned to all user roles above itself in the hierarchy.
This way, the national admin users will be able to create regional and provincial admins. The regional admins will be able to create provincial admins, but not other regional or national users. And so on.
We’re deploying DHIS2 nationally in the Philippines and I am hitting some problems which you may help with:
We have this org unit structure - national -> regional -> provincial -> municipality/city. These org units will be encoded centrally.
My problem is assigning user accounts for the municipalities. Here is the approach I plan to take:
Create a national administrator. He creates on sub-admin per region. (n = 20 regions)
The regional sub-admins create provincial sub-admins. (n = 80 provinces)
The provincial sub-admins create the municipality end users (one per municipality). (n = 3100 municipalities)
Do you suggest a devolved system for user creation as above or just to manage this centrally?
I am expecting a lot of municipality end users forgetting their password. How should we manage this? (There is no “Forgot password” function in DHIS2 right now)…
Subject: Re: [Dhis2-users] Large volume user management
Hi Alvin,
we have actually seen this scenario in several places and we do have support for it. The principle in DHIS 2 is that when you create a new user, you can grant/assign a use role if your own user has all of the authorities in the user role. So:
You can create an implicit hierarchy like this through at least three user roles:
national admin
regional admin
provincial admin.
The important thing is that user roles must have all of the authorities of all user roles below themselves in the hierarchy. Seen the other way around, a user role should only have authorities which are assigned to all user roles above itself in the hierarchy.
This way, the national admin users will be able to create regional and provincial admins. The regional admins will be able to create provincial admins, but not other regional or national users. And so on.
We’re deploying DHIS2 nationally in the Philippines and I am hitting some problems which you may help with:
We have this org unit structure - national -> regional -> provincial -> municipality/city. These org units will be encoded centrally.
My problem is assigning user accounts for the municipalities. Here is the approach I plan to take:
Create a national administrator. He creates on sub-admin per region. (n = 20 regions)
The regional sub-admins create provincial sub-admins. (n = 80 provinces)
The provincial sub-admins create the municipality end users (one per municipality). (n = 3100 municipalities)
Do you suggest a devolved system for user creation as above or just to manage this centrally?
I am expecting a lot of municipality end users forgetting their password. How should we manage this? (There is no “Forgot password” function in DHIS2 right now)…
we have actually seen this scenario in several places and we do have support
for it. The principle in DHIS 2 is that when you create a new user, you can
grant/assign a use role if your own user has all of the authorities in the
user role. So:
You can create an implicit hierarchy like this through at least three user
roles:
1) national admin
2) regional admin
3) provincial admin.
The important thing is that user roles must have all of the authorities of
all user roles below themselves in the hierarchy. Seen the other way around,
a user role should only have authorities which are assigned to all user
roles above itself in the hierarchy.
This way, the national admin users will be able to create regional and
provincial admins. The regional admins will be able to create provincial
admins, but not other regional or national users. And so on.
3. The provincial sub-admins create the municipality end users (one per
municipality). (n = 3100 municipalities)
Do you suggest a devolved system for user creation as above or just to
manage this centrally?
I am expecting a lot of municipality end users forgetting their password.
How should we manage this? (There is no "Forgot password" function in DHIS2
right now)...
We have done this centrally through an external script which can generate an arbitrary number of users and passwords and populate the database with them. I think what Lars outlines makes more sense for you, but if you are interested on this approach I can share it with you.
We have done this centrally through an external script which can generate an arbitrary number of users and passwords and populate the database with them. I think what Lars outlines makes more sense for you, but if you are interested on this approach I can share it with you.