Large volume user management

Dear all,

We’re deploying DHIS2 nationally in the Philippines and I am hitting some problems which you may help with:

We have this org unit structure - national -> regional -> provincial -> municipality/city. These org units will be encoded centrally.

My problem is assigning user accounts for the municipalities. Here is the approach I plan to take:

  1. Create a national administrator. He creates on sub-admin per region. (n = 20 regions)

  2. The regional sub-admins create provincial sub-admins. (n = 80 provinces)

  3. The provincial sub-admins create the municipality end users (one per municipality). (n = 3100 municipalities)

Do you suggest a devolved system for user creation as above or just to manage this centrally?

I am expecting a lot of municipality end users forgetting their password. How should we manage this? (There is no “Forgot password” function in DHIS2 right now)…

Thanks in advance…

Hi Alvin,

we have actually seen this scenario in several places and we do have support for it. The principle in DHIS 2 is that when you create a new user, you can grant/assign a use role if your own user has all of the authorities in the user role. So:

You can create an implicit hierarchy like this through at least three user roles:

  1. national admin

  2. regional admin

  3. provincial admin.

The important thing is that user roles must have all of the authorities of all user roles below themselves in the hierarchy. Seen the other way around, a user role should only have authorities which are assigned to all user roles above itself in the hierarchy.

This way, the national admin users will be able to create regional and provincial admins. The regional admins will be able to create provincial admins, but not other regional or national users. And so on.

Its actually documented there towards the end:

http://dhis2.org/doc/snapshot/en/implementer/html/ch15s02.html

We also have a restore password feature in DHIS 2, introduced in 2.10. It requires that you

  • configure email sending in settings module -> email.

  • enable user account recovery under settings -> access.

Be aware that users with the ALL authority or certain authorities like data mart, user roles cannot restore their account for security purposes.

cheers

Lars

···

On Thu, Mar 7, 2013 at 1:34 AM, Alvin Marcelo alvin.marcelo@gmail.com wrote:

Dear all,

We’re deploying DHIS2 nationally in the Philippines and I am hitting some problems which you may help with:

We have this org unit structure - national -> regional -> provincial -> municipality/city. These org units will be encoded centrally.

My problem is assigning user accounts for the municipalities. Here is the approach I plan to take:

  1. Create a national administrator. He creates on sub-admin per region. (n = 20 regions)
  1. The regional sub-admins create provincial sub-admins. (n = 80 provinces)
  1. The provincial sub-admins create the municipality end users (one per municipality). (n = 3100 municipalities)

Do you suggest a devolved system for user creation as above or just to manage this centrally?

I am expecting a lot of municipality end users forgetting their password. How should we manage this? (There is no “Forgot password” function in DHIS2 right now)…

Thanks in advance…


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Thanks Lars. We’ll start it.

Knut, is Philippines.dhis2.org on 2.10?

···

Sent from my BB Curve 9320


From: Lars Helge Øverland larshelge@gmail.com

Date: Fri, 8 Mar 2013 11:47:31 +0100

To: alvin.marcelo@gmail.com

Cc: dhis2-users@lists.launchpad.netdhis2-users@lists.launchpad.net

Subject: Re: [Dhis2-users] Large volume user management

Hi Alvin,

we have actually seen this scenario in several places and we do have support for it. The principle in DHIS 2 is that when you create a new user, you can grant/assign a use role if your own user has all of the authorities in the user role. So:

You can create an implicit hierarchy like this through at least three user roles:

  1. national admin

  2. regional admin

  3. provincial admin.

The important thing is that user roles must have all of the authorities of all user roles below themselves in the hierarchy. Seen the other way around, a user role should only have authorities which are assigned to all user roles above itself in the hierarchy.

This way, the national admin users will be able to create regional and provincial admins. The regional admins will be able to create provincial admins, but not other regional or national users. And so on.

Its actually documented there towards the end:

http://dhis2.org/doc/snapshot/en/implementer/html/ch15s02.html

We also have a restore password feature in DHIS 2, introduced in 2.10. It requires that you

  • configure email sending in settings module -> email.

  • enable user account recovery under settings -> access.

Be aware that users with the ALL authority or certain authorities like data mart, user roles cannot restore their account for security purposes.

cheers

Lars

On Thu, Mar 7, 2013 at 1:34 AM, Alvin Marcelo alvin.marcelo@gmail.com wrote:

Dear all,

We’re deploying DHIS2 nationally in the Philippines and I am hitting some problems which you may help with:

We have this org unit structure - national -> regional -> provincial -> municipality/city. These org units will be encoded centrally.

My problem is assigning user accounts for the municipalities. Here is the approach I plan to take:

  1. Create a national administrator. He creates on sub-admin per region. (n = 20 regions)
  1. The regional sub-admins create provincial sub-admins. (n = 80 provinces)
  1. The provincial sub-admins create the municipality end users (one per municipality). (n = 3100 municipalities)

Do you suggest a devolved system for user creation as above or just to manage this centrally?

I am expecting a lot of municipality end users forgetting their password. How should we manage this? (There is no “Forgot password” function in DHIS2 right now)…

Thanks in advance…


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Thanks Lars. We'll start it.

Knut, is Philippines.dhis2.org on 2.10?

Well, it is on a pre-release version of 2.10 from August, and should
definitely be updated. I suggest to update directly to 2.11 in a
couple of weeks.

Knut

···

On Fri, Mar 8, 2013 at 6:24 AM, Alvin B. Marcelo <alvin.marcelo@gmail.com> wrote:

Sent from my BB Curve 9320
________________________________
From: Lars Helge Øverland <larshelge@gmail.com>
Date: Fri, 8 Mar 2013 11:47:31 +0100
To: <alvin.marcelo@gmail.com>
Cc: dhis2-users@lists.launchpad.net<dhis2-users@lists.launchpad.net>
Subject: Re: [Dhis2-users] Large volume user management

Hi Alvin,

we have actually seen this scenario in several places and we do have support
for it. The principle in DHIS 2 is that when you create a new user, you can
grant/assign a use role if your own user has all of the authorities in the
user role. So:

You can create an implicit hierarchy like this through at least three user
roles:

1) national admin
2) regional admin
3) provincial admin.

The important thing is that user roles must have all of the authorities of
all user roles below themselves in the hierarchy. Seen the other way around,
a user role should only have authorities which are assigned to all user
roles above itself in the hierarchy.

This way, the national admin users will be able to create regional and
provincial admins. The regional admins will be able to create provincial
admins, but not other regional or national users. And so on.

Its actually documented there towards the end:

http://dhis2.org/doc/snapshot/en/implementer/html/ch15s02.html

We also have a restore password feature in DHIS 2, introduced in 2.10. It
requires that you

- configure email sending in settings module -> email.
- enable user account recovery under settings -> access.

Be aware that users with the ALL authority or certain authorities like data
mart, user roles cannot restore their account for security purposes.

cheers

Lars

On Thu, Mar 7, 2013 at 1:34 AM, Alvin Marcelo <alvin.marcelo@gmail.com> > wrote:

Dear all,

We're deploying DHIS2 nationally in the Philippines and I am hitting some
problems which you may help with:

We have this org unit structure - national -> regional -> provincial ->
municipality/city. These org units will be encoded centrally.

My problem is assigning user accounts for the municipalities. Here is the
approach I plan to take:

1. Create a national administrator. He creates on sub-admin per region. (n
= 20 regions)

2. The regional sub-admins create provincial sub-admins. (n = 80
provinces)

3. The provincial sub-admins create the municipality end users (one per
municipality). (n = 3100 municipalities)

Do you suggest a devolved system for user creation as above or just to
manage this centrally?

I am expecting a lot of municipality end users forgetting their password.
How should we manage this? (There is no "Forgot password" function in DHIS2
right now)...

Thanks in advance...

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

--
Knut Staring
Dept. of Informatics, University of Oslo
+4791880522
http://dhis2.org

Can we update to 2.10 stable now so that Alvin can get started with the restore password function?

···

On Fri, Mar 8, 2013 at 12:51 PM, Knut Staring knutst@gmail.com wrote:

On Fri, Mar 8, 2013 at 6:24 AM, Alvin B. Marcelo > > alvin.marcelo@gmail.com wrote:

Thanks Lars. We’ll start it.

Knut, is Philippines.dhis2.org on 2.10?

Well, it is on a pre-release version of 2.10 from August, and should

definitely be updated. I suggest to update directly to 2.11 in a

couple of weeks.

Hi Alvin,

We have done this centrally through an external script which can generate an arbitrary number of users and passwords and populate the database with them. I think what Lars outlines makes more sense for you, but if you are interested on this approach I can share it with you.

Best regards,

Jason

···

Sent from my mobile

On Mar 8, 2013 1:56 PM, “Lars Helge Øverland” larshelge@gmail.com wrote:

On Fri, Mar 8, 2013 at 12:51 PM, Knut Staring knutst@gmail.com wrote:

On Fri, Mar 8, 2013 at 6:24 AM, Alvin B. Marcelo > > > > alvin.marcelo@gmail.com wrote:

Thanks Lars. We’ll start it.

Knut, is Philippines.dhis2.org on 2.10?

Well, it is on a pre-release version of 2.10 from August, and should

definitely be updated. I suggest to update directly to 2.11 in a

couple of weeks.

Can we update to 2.10 stable now so that Alvin can get started with the restore password function?


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Hi,sir,
I aslo interested in it, please share with me.

Thanks.

···

At 2013-03-08 23:29:19,“Jason Pickering” jason.p.pickering@gmail.com wrote:

Hi Alvin,

We have done this centrally through an external script which can generate an arbitrary number of users and passwords and populate the database with them. I think what Lars outlines makes more sense for you, but if you are interested on this approach I can share it with you.

Best regards,

Jason

Sent from my mobile

On Mar 8, 2013 1:56 PM, “Lars Helge Øverland” larshelge@gmail.com wrote:

On Fri, Mar 8, 2013 at 12:51 PM, Knut Staring knutst@gmail.com wrote:

On Fri, Mar 8, 2013 at 6:24 AM, Alvin B. Marcelo > > > > > > alvin.marcelo@gmail.com wrote:

Thanks Lars. We’ll start it.

Knut, is Philippines.dhis2.org on 2.10?

Well, it is on a pre-release version of 2.10 from August, and should

definitely be updated. I suggest to update directly to 2.11 in a

couple of weeks.

Can we update to 2.10 stable now so that Alvin can get started with the restore password function?


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp