User roles and permissions #302
Comments
|
@scloo and @mikeymckay: The following is a proposal. Let's call this first table "Option A":
Assumptions: Columns: ** Roles and Permissions:** View reports = View Dashboard, Reports, Graphs, and Maps. View detailed records. PII on detailed records is masked. View PII = Same as view reports, but PII on detailed records is not masked. Administer system = Use mobile + View reports + access to functions for system administration. ** Notes: **
|
|
|
I removed all test* accounts from the demo database and created the following new demo* accounts: demoadmin I assigned the demoadmin account to MAGHARIBI district. In the process, I found that there was no look-up validation of this field. There should be. I've added an issue for this. I assigned demomobile1 to KATI district, and demomobile2 to MAGHARIBI district. This is to enable the transfer of cases between these two demo users. I assigned the demoreports user to MAGHARIBI district. There is one user in the database with the "researcher" role. I suggest that we delete that user account. We need to remove the "researcher" role, and add the "View PII" and "Export data" permissions. Then we need to set up demo accounts to test these permissions. We can certainly add the "Export data" permission to the demoreports account. All of the above still needs discussion. |
|
Did you change the password for these new accounts? Not able to login for any of them. |
|
Well, if you can’t hack into them…. Passwords on demo accounts are “password”.
…-gmc
Gordon M. Cressman
Senior Program Director | Research Computing Division | RTI International
Email: gmc@rti.org<mailto:gmc@rti.org> | Office: +1 919 541-6363 | Mobile: +1 919 271-7003 | Skype: gmcressman
Was this email too brief? Here is why<http://emailcharter.org/>
From: Steve Loo <notifications@github.com>
Reply-To: ICTatRTI/coconut-analytics <reply@reply.github.com>
Date: Monday, August 14, 2017 at 9:54 AM
To: ICTatRTI/coconut-analytics <coconut-analytics@noreply.github.com>
Cc: Gordon Cressman <gmc@rti.org>, Author <author@noreply.github.com>
Subject: Re: [ICTatRTI/coconut-analytics] User roles and permissions (#302)
Did you change the password for these new accounts? Not able to login for any of them.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#302 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AAUIKIxelpfP8PoeIRqz0wgcH_Ob_4Lcks5sYFGcgaJpZM4NbF7N>.
|
|
Have you tried logging into democs analytics with these accounts? |
|
Yes. I have logged in to democs using each of the following demo accounts: demoadmin |
We permit an admin to declare user roles and permissions. These can be anything right now. The current roles are "admin,results,researcher". We need to rethink this. I propose the following:
admin = may access all functions of the Mobile and Analytics apps, including admin functions.
mobile = may access all functions of the Mobile app except admin functions. May not access the Analytics app
analytics = may access all function of the Analytics app except admin functions. May not access the Mobile app.
Does this make sense, considering use cases in Zanzibar? Do we need additional roles?
The text was updated successfully, but these errors were encountered: