User Management
- Carl Richter
- Tobias Kienlein
On this page you will find an introduction to the user management.
In the User Management you have an overview of all active and inactive users in the MIS tool.
Moreover, the MIS has an extensive permission scheme where you can define groups, roles and profiles to users individually.
Permission Scheme
The figure below outlines the logic of permissions that can be granted to users – these are differentiated between groups and roles.
Groups are defined though a set of roles for specific system sections. In addition, access rights to system features are managed and specified for Groups. Groups are assigned to individual users (one or several).
Roles are defined within Groups. Roles consist of a set of permissions for specific ressources. Roles concern permissions regarding data collections, indicators, indicator activity, result models, submissions and the unit. Roles can be assigned to individual users.
Permissions are predefined and concern editing, creating, deleting, viewing, archiving and approving. Permissions cannot be assigned to users on an individual basis and must be specified for users via roles.
Profiles are assigned to users and can be assigned to groups. Via profiles, restrictions on viewing and editing rights for submissions in data collections can be managed.
Users are the smallest unit in the permission scheme. All permissions are via profiles, groupd, roles and the specified permissions for the roles. At the user level, permissions cannot be altered.
The following table summarizes the permission scheme
Name | Description | Example |
|---|---|---|
Permission (static) | Right to perform a task | Edit, create, delete, view, archive and approve |
Ressource (static) | Technical component of the MIS | Data collections, indicator, indicator activity, result model, submission, unit |
Role (configurable) | Set of permissions for specific ressources | Data Reporter: Allowed to view data collections as well as to create and edit submissions |
Workspace (static) | The MIS can be divided into workspaces, that are seperate entities. You can jump between workspaces via the navigation. | 01 - Country A 02 - Country B |
Unit (static) | Subsection of a workspace
| 01 - Country A 0100 - Project 1 0101 - Project 2 02 - Country B 0200 - Project 1 0201 - Project 2 |
Group (configurable) | Set of roles for specific units and additionally access rights to system features. Permissions are inherited downwards. If a user has permissions to a workspace they are automatically granted for the subsections. | Data Reporters Country A: Allowed to view data collections as well as to create and edit submissions but only for country A |
Profile (configurable) | Restriction on viewing and editing rights for submissions in data collections | Data Reporters Country A with Profile District: Allowed to view data collections as well as to create and edit submissions but only for a specific district in country A. |
Roles
Roles group multiple permissions which can be individually assigned to users with respect to different ressources on the system.
Let's have a look at the example of the role of a “Data Reporter” below.
Users with the role “Data Reporter” can view data collections, indicators and a unit. Furthermore, the user can create, edit and view submissions.
The allocation of permissions to the ressources in user roles is freely definable. But the type of permissions as well as the ressources are static and not configurable.
Groups
Groups consist of multiple roles that can be devided for the different units in the system.
Let's have a look at the example of the group “Data Reporters - Project B” below.
Users in the group “Data Reporters - Project B” can view data collections, indicators and the unit as they have the “User” role.
Furthermore, the user can create, edit and view submissions but only in Project B. For Project A, the user only has the right to view the data collection and submissons.
Profiles
Independently to the User Groups and Roles you can set up a User Profile to restrict access to submissions inside of data collections. In other words, the submissions of a data collection will be filtered according to the Profile.
To stay with the previous example, a profile can be used if a user in the Group Data Reporters Project B is only suppossed to have access to the submissions in a data collections that relate to a specific district of Country A.