wiki:UserRoles

Roles and privileges

Background

The data entry operation is not something that Akshara will be in complete control of in the future. There will be multiple partner organisations who will run KLP programmes in different geographies.

It therefore becomes essential to restrict the DEO’s access to the data that they can see, create and update. A hierarchy of user privileges is not of much value in a de-centralised model. It is better to have a set of privileges and these can be associated to any user within the system. The privilege of assigning privileges is itself a privilege and can be assigned.

Privileges

Each [KLPNewMIS#UseCases? use case], except recover password, is associated with a privilege. Privileges are restricted to a subset of the master data (individuals and institutions).

It is important to keep the association with the proper master data element. For instance, associating a user with Bangalore and explicitly associating a user with all schools in Bangalore might seem equivalent but are not. Associating a user with an aggregator (such as district, block, etc.) is not to be done. Explicit association with the appropriate subject is required.

Convenience functions to associate privileges to aggregators may be provided but these will internally explicitly associate the user to the leaves of the aggregator at the time of the association.

Aggregations

For convenience's sake, the privileges can be grouped into roles. This provides an easy method of assigning a pre-defined set of privileges to a user.

However, this is merely a convenience use case, if necessary, the individual privileges of a user can be manipulated.

Programme co-ordinator

The following privileges are associated with this role:

  • Create individual
  • Delete individual
  • Edit individual
  • Create institution
  • Create institution component
  • Merge institution
  • Delete institution
  • Programme statistics
  • Create programme
  • Create assessment
  • Delete assessment
  • Associate assessment
  • Generate assessment forms

Data entry manager

  • Create user
  • Assign privileges
  • Update form receipt register
  • Update form assignment register
  • Programme statistics

Boundary manager

  • Create boundary hierarchy
  • Create boundary
  • Merge boundary
  • Delete boundary
  • Edit boundary
Last modified 8 years ago Last modified on 03/10/10 16:31:37