Hi @akshika47 @k.joseph,
Basically my plan is to create the privileges first, so the roles can be created later according to the user requirements. We can secure the Different pages and options in Module UI with these privileges.
So these are the privileges I suggest for the DHIS Connector module.
- View_Data
- Push_Data
- Manage_Metadata
Previously I thought to create a new privilege for Import/export options. But in a previous meeting @k.joseph suggested to include that too in the manage_metadata privilege
This is how the module will work for the users with/without these privileges.
Users without any privilege
- Can’t access the module
Users with View_Data privilege
- Can access the module
- Have read access to these pages
- Configure DHIS Server (Read only)
- Location Mapping (Read only)
- Automation (Read only)
Users with Push_Data privilege
- Can access the module
- Have access to these pages
- Configure DHIS Server (Read only)
- Location Mapping (Read only)
- Automation
- Can’t add/delete records
- Can run/re-run automated mappings
- Run Reports
- Can push data or download ADX or JSON
- Failed Data
- Can push failed data
Users with Manage_Metadata privilege
- Can access the module
- Have access to these pages
- Configure DHIS Server
- Can update the connection
- Location Mapping
- Can edit/add mappings
- Automation
- Can add/delete records
- Can’t push data
- Create Mappings
- Manage Mappings
- Import/Export mappings
- Import/Export DHIS2 API
- Configure DHIS Server
After creating the privileges, we have to update the pages and options to display according to the user privileges. Also the backend endpoints will be updated to work according to the privileges. Then we can create roles with the combinations of these privileges.
This is the approach I thought to take. I would love to have your suggestions too. Is it ok to proceed with this or do I have to change anything?