ICTatRTI/coconut-analytics

User roles and permissions

gmcressman opened this issue · 7 comments

We permit an admin to declare user roles and permissions. These can be anything right now. The current roles are "admin,results,researcher". We need to rethink this. I propose the following:

admin = may access all functions of the Mobile and Analytics apps, including admin functions.
mobile = may access all functions of the Mobile app except admin functions. May not access the Analytics app.
analytics = may access all functions of the Analytics app except admin functions. May not access the Mobile app.

Does this make sense, considering use cases in Zanzibar? Do we need additional roles?

@scloo and @mikeymckay: The following is a proposal. Let's call this first table "Option A":

| A | B | C | D | E | F |
|---|---|---|---|---|---|
| Role | Mobile | Reports (1) | PII | Data Export (1) | Admin |
| Use mobile | X | | | | |
| View reports | | X | | X | |
| View PII | | | X | | |
| Administer system | | | | | X |

Assumptions:
(1) Personal identifiers are masked.

Columns:
A = Role
B-F = Permissions (B = mobile.cococloud.co, C-F = cococloud.co)

**Roles and Permissions:**
Use mobile = Log into mobile app (mobile.cococloud.co plug-in) and access all functions in the mobile app, including Manage menu functions.

View reports = View Dashboard, Reports, Graphs, and Maps. View detailed records. PII on detailed records is masked.

View PII = Same as view reports, but PII on detailed records is not masked.

Administer system = Use mobile + View reports + access to functions for system administration.

**Notes:**

- All roles for cococloud.co (Analytics) have access to the Export Data function. This assumes that PII is masked in the exported files. I have verified that PII is masked in the exported files.
- The "View PII" role should also be able to view reports (Dashboard, Reports, Graphs, Maps). We could simplify things by requiring the "View reports" role to be checked also. See Option B below.
- The "Administer system" role should be able to view everything except view PII. The "View PII" role can also be checked if the user should also be able to view PII. We could simplify this by requiring "Use mobile", "View reports", and "View PII" to be checked separately to provide access to that information. See Option B below:
A B C D E F
  Role v Mobile Reports (1) PII Data Export (1) Admin
Use mobile X        
View reports   X   X  
View PII   X X  
Administer system   X X
| A | B | C | D | E | F |
|---|---|---|---|---|---|
| Role | Mobile | Reports (1) | PII | Data Export (1) | Admin |
| Use mobile | X | | | | |
| View reports | | X | | | |
| View PII | | | X | | |
| Export data | | | | X | |
| Administer system | | | | | X |

I removed all test* accounts from the demo database and created the following new demo* accounts:

demoadmin
demomobile1
demomobile2
demoreports

I assigned the demoadmin account to MAGHARIBI district. In the process, I found that there was no look-up validation of this field. There should be. I've added an issue for this.

I assigned demomobile1 to KATI district, and demomobile2 to MAGHARIBI district. This is to enable the transfer of cases between these two demo users.

I assigned the demoreports user to MAGHARIBI district.

There is one user in the database with the "researcher" role. I suggest that we delete that user account. We need to remove the "researcher" role, and add the "View PII" and "Export data" permissions. Then we need to set up demo accounts to test these permissions. We can certainly add the "Export data" permission to the demoreports account.

All of the above still needs discussion.
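
An added example, not code from the coconut-analytics project, showing how the Option A and Option B matrices above differ once a user's stored role field is resolved to effective permissions. It assumes roles are still stored as a comma-separated string (as in the current "admin,results,researcher"), that the proposed role names are used verbatim as the values, and that legacy roles not in the matrix are rejected rather than silently ignored; the record field names used for masking are hypothetical.

```python
# Added example (not project code). Role field assumed to be stored as a
# comma-separated string of the proposed role names, e.g. "View reports,View PII".

# Option A: some roles bundle several permissions (implicit grants).
OPTION_A = {
    "Use mobile": {"mobile"},
    "View reports": {"reports", "export"},
    "View PII": {"pii"},
    "Administer system": {"admin"},
}

# Option B: exactly one permission per role; combinations are checked explicitly.
OPTION_B = {
    "Use mobile": {"mobile"},
    "View reports": {"reports"},
    "View PII": {"pii"},
    "Export data": {"export"},
    "Administer system": {"admin"},
}

PII_FIELDS = ("name", "phone")  # hypothetical identifier fields on a record


def split_roles(role_field):
    """Split the stored comma-separated role field into individual role names."""
    return [r.strip() for r in role_field.split(",") if r.strip()]


def unknown_roles(role_field, matrix):
    """Return role names that are not defined in the matrix (e.g. legacy 'researcher')."""
    return [r for r in split_roles(role_field) if r not in matrix]


def effective_permissions(role_field, matrix):
    """Union of the permissions granted by every checked role.
    Refuses to resolve a role field that contains undefined roles, so a stale
    value cannot map to an unintended (or empty-but-accepted) permission set."""
    bad = unknown_roles(role_field, matrix)
    if bad:
        raise ValueError(f"undefined roles in role field: {bad}")
    perms = set()
    for role in split_roles(role_field):
        perms |= matrix[role]
    return perms


def mask_record(record, perms):
    """Copy of a detailed record with identifiers masked unless 'pii' was granted."""
    if "pii" in perms:
        return dict(record)
    return {k: ("***" if k in PII_FIELDS else v) for k, v in record.items()}
```

Under Option A a user holding only "View reports" silently gains export; under Option B the same field yields only reports, and export must be granted by checking "Export data" separately.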

scloo commented

Did you change the password for these new accounts? Not able to log in for any of them.

scloo commented

Have you tried logging into democs analytics with these accounts?

Yes. I have logged in to democs using each of the following demo accounts:

demoadmin
demomobile1
demomobile2
demoreports