We are working on DHIS version 2.24 (revision - 23565). We are testing the behaviour of restricting data Sets through User Roles. We have created a user role with all the authorities, except ‘ALL’ authority. And did not assign any data Sets to this user role. Then we assigned the role to a user. So, when the user is logged in, and opens data entry app, and goes to the right organisation unit where that particular data set is assigned to, the user cannot find any data sets. This is the expected behaviour. However, we modified the user role, by giving only the ‘ALL’ authority now (no other authorities are given). And tested the same again. Now, the user is able to see the data set in the data entry app, even if the data set is not assigned to the user role. Is this expected of the user who has “ALL” authority? Or a bug?
This is expected behaviour with the ‘ALL’ authority. You would not be able to restrict access to most objects created for a user with All authority in their user role. This is what distinguishes the default Superuser role from the rest.
The only instance I am aware of that the All authority is restricted by default is with Dashboard created as private.
I think the idea is that the All authority allows a sys admin to troubleshoot most issues without having to request access from a user that might either not be able to provide the access required or does not know how to.
Hope that helps.
Regards,
Busoye Anifalaje (PhD)
Director of Services (Principal), BAO Systems
This is expected behaviour with the ‘ALL’ authority. You would not be able to restrict access to most objects created for a user with All authority in their user role. This is what distinguishes the default Superuser role from the rest.
The only instance I am aware of that the All authority is restricted by default is with Dashboard created as private.
I think the idea is that the All authority allows a sys admin to troubleshoot most issues without having to request access from a user that might either not be able to provide the access required or does not know how to.
Hope that helps.
Regards,
Busoye Anifalaje (PhD)
Director of Services (Principal), BAO Systems
We are working on DHIS version 2.24 (revision - 23565). We are testing the behaviour of restricting data Sets through User Roles. We have created a user role with all the authorities, except ‘ALL’ authority. And did not assign any data Sets to this user role. Then we assigned the role to a user. So, when the user is logged in, and opens data entry app, and goes to the right organisation unit where that particular data set is assigned to, the user cannot find any data sets. This is the expected behaviour. However, we modified the user role, by giving only the ‘ALL’ authority now (no other authorities are given). And tested the same again. Now, the user is able to see the data set in the data entry app, even if the data set is not assigned to the user role. Is this expected of the user who has “ALL” authority? Or a bug?