User cannot access roles when creating another user.

Live Version: 2.20

Build revision: 19682

Build date: 2015-07-20 05:10

Hello.

We are doing some testing using a DHIS LIVE system. We have defined a new role that has all authorities except for “ALL”. We then defined a user (e.g. User_Creator) and gave him this new role. When this user tries to create a new user, he does not have access to all roles in the “Available Roles” box. To view all roles, this user must be given “All” authority, which we do not want him to have. How do we allow access to more roles from which to choose when creating a user? How is a user associated with the number of roles he can access?

Thank you for any help.

Wilson Ramos

Hi Wilson,

To allow a user to grant his own user roles to others, you can go to Settings > Access and check “Allow users to grant own user roles”.

The general rule is that users can only give user roles to others if they themselves have all of the authorities in those roles. The purpose of this is to allow for distributed user management, where users can create users but only give them authorities which they have themselves.

The concept of allowing people to give out authorities they don’t have themselves is not secure anyway, since they could easily grant themselves a new user account with those extra authorities.

regards,

Lars

On Thu, Oct 8, 2015 at 8:44 PM, Wilson Ramos wilson.ramos@icap.columbia.edu wrote:

Lars Helge Øverland

Lead developer, DHIS 2

University of Oslo

Skype: larshelgeoverland

http://www.dhis2.org
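
The rule described in the reply above, modelled as an added example (this is not DHIS 2 code and not from either poster): a role is offered only when every authority in it is already held by the person granting it, which is what stops a delegated user manager from creating a second account with more privileges than their own. The role and authority names are constructed placeholders, and hiding a user's own roles until the setting is enabled is an assumption drawn from the thread.

```python
from dataclasses import dataclass

ALL = "ALL"  # the superuser authority named in the thread

@dataclass(frozen=True)
class Role:
    name: str
    authorities: frozenset

def held_authorities(roles):
    """Union of the authorities of every role a user holds."""
    return frozenset().union(*(r.authorities for r in roles))

def missing_authorities(own_roles, role):
    """Authorities the role would hand out that the granter lacks."""
    held = held_authorities(own_roles)
    return frozenset() if ALL in held else role.authorities - held

def grantable_roles(own_roles, all_roles, allow_grant_own_roles=False):
    """Sorted names of roles the user may assign when creating a user."""
    own_names = {r.name for r in own_roles}
    names = []
    for role in all_roles:
        if missing_authorities(own_roles, role):
            continue  # would let the granter mint authorities they lack
        if role.name in own_names and not allow_grant_own_roles:
            continue  # assumption: own roles are hidden until the setting is on
        names.append(role.name)
    return sorted(names)

# Constructed sample roles; authority names are placeholders.
SUPERUSER = Role("Superuser", frozenset({ALL}))
DELEGATED = Role("Delegated admin", frozenset({"add_user", "enter_data", "run_reports"}))
ROLES = [
    SUPERUSER,
    DELEGATED,
    Role("User manager", frozenset({"add_user"})),
    Role("Data entry", frozenset({"enter_data"})),
    Role("Reporting", frozenset({"run_reports"})),
]

if __name__ == "__main__":
    print(grantable_roles([DELEGATED], ROLES))
    print(grantable_roles([DELEGATED], ROLES, allow_grant_own_roles=True))
    print(sorted(missing_authorities([DELEGATED], SUPERUSER)))
```
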