User Role and User Management

I am interested in creating a User Role that allows users at the country-level of the organization to add/modify/delete users in their country. I have given this User Role the following permissions:

  • Metadata: User: Add/Update Public
  • Apps: Users app
  • System: Add/remove members in read-only user groups, Add/Update User Group Managing Relationships, Add/Update User within Managed Group, Replicate User, Send Email, View User, View User Group Managing Relationships.

When a user assigned to this role logs in, they can view users, and edit them, but there are no roles showing under Available Roles and Selected Roles. Without assigning a role, they cannot create a new user.

Thank you for your advice, and again I will put in a plug for some more detail in the documentation and some sample user roles or metadata templates that will make this process easier, with the minimum authorities that are needed for the basic roles that most organizations generally need.

1 Like

What version of DHIS2 are you using?
I tried to replicate this on 2.30, and it seems there is some sort of dependency or constraint.
Like the “user admin” cannot create a new user with higher authorities than the “user admin” has.
Also, can you make sure your userroles are shared accordingly or can be accessed by these new user admins.


1 Like

Hi Emma, Thanks for looking into this for me!
We are using Version: 2.30, Build revision: 17b47a2, Build date: 2019-02-05.
I checked the user roles and they are set to Public Access, anyone can find, edit, and view metadata for those roles.
I have tried to give access to the User Role metadata to this user admin role, and this did give the user permission to edit the role, but not permission to create a new user and assign them to any role.
Is this a use case that other organizations have, to give some users administration rights over other users, but not superuser authority?

1 Like

Does any other organization have experience creating a role that will allow users to create new users in their geography? I know that I could promote these individuals to superuser status, but I would not want to do this if it is not necessary. Thank you!

1 Like

Aside from the sharing of the roles and the rest of the setting you’ve done. There is one more you need to do.

  1. Go to System settings ->Access->Allow users to grant own user roles.

Note: That only users who can see the User App will be able to grant roles. So it’s still safe to use the setting.


I’m so disappointed that I deactivated my notifications and I only now am rediscovering my recent questions and answers in the community. Thank you for responding, I will see if this is still a need for our team and see if I can implement it soon.

I am still thinking about this setting: what does it actually mean? I hope it does not mean that a user can change their own role to promote themself to superuser.

1 Like

Hi @Mike_Johnson, hope you are well. you can easily set notifications for posts you would like to see from: How to set custom Notifications from the DHIS2 Community!