Access Control

Before Access Control was introduced, any organisation user with access to the field app could use every function in it (registration, enrolments, search, etc.). Some implementations needed to limit access to specific functions, both to reduce the number of options visible to end users and simplify their workflow, and to provide a mechanism for access control.

To meet this need, Access Control is implemented via User Groups. This functionality is available to Organisation admins in the Admin section of the webapp under the User Groups menu.

Applicability

  • The access control rules are only applicable in the field app and data entry app.
  • Access control is not applicable to the reporting app.

User Groups

User Groups represent a collection of users and a set of privileges allowed to these users. Organisation admins can define as many groups as they need to express the access control required for their organisation.

Each user can be added to multiple groups.

Privileges are Additive

If any of the groups that a user belongs to allows a particular privilege, the user will have access to that function.

Default configuration - Everyone Group

By default, the system creates an Everyone group that includes all the users in the organisation and grants all privileges, allowing access to all functionality.

Users cannot be removed from this group but the privileges associated with this group can be modified.

Privileges

The following privileges are available to allow organisation admins to configure fine-grained access to functions for the org users. These privileges are configurable per entity type; for example, a group could have the 'View subject' privilege allowed for subject type 'abc' but disallowed for subject type 'xyz'.

  • The Subject level privileges are configurable for each Subject Type set up in your organisation.
  • The Enrolment level privileges are configurable for each program set up in your organisation.
  • The Encounter level privileges are configurable for each Encounter Type (General or Program) set up in your organisation.
  • The Checklist level privileges are configurable for each Program containing checklists for your organisation.

| Entity Type | Privilege | Explanation |
|---|---|---|
| Subject | View subject | Controls whether field users can see subjects of a particular subject type in the app. All other privileges are dependent on this privilege. If disallowed, field users cannot see or access any functionality for the specific subject type. |
| Subject | Register subject | Allows field users to register new subjects. |
| Subject | Edit subject | Allows field users to edit previously registered subjects. |
| Subject | Void subject | Allows field users to void previously registered subjects. |
| Subject | Add member* | Allows field users to add a member to a household subject. |
| Subject | Edit member* | Allows field users to edit previously added household members. |
| Subject | Remove member* | Allows field users to remove previously added household members. |
| Enrolment | Enrol subject | Allows field users to enrol a subject into a program. |
| Enrolment | View enrolment details | Allows field users to view the program enrolment details for a subject. |
| Enrolment | Edit enrolment details | Allows field users to edit the program enrolment details for a subject. |
| Enrolment | Exit enrolment | Allows field users to exit a subject from a program. |
| Encounter | View visit | Allows field users to view encounters for a subject. |
| Encounter | Schedule visit | Allows field users to schedule encounters for a subject. |
| Encounter | Perform visit | Allows field users to perform encounters for a subject. |
| Encounter | Edit visit | Allows field users to edit previously saved encounter details. |
| Encounter | Cancel visit | Allows field users to cancel a previously scheduled encounter. |
| Checklist | View checklist | Allows field users to view checklists. |
| Checklist | Edit checklist | Allows field users to edit checklists. |

* Only for 'Household' subject types

Some of these privileges imply others. For example, allowing the 'Register subject' privilege implies that the group will also have 'View subject' allowed. The system handles these dependencies automatically.

Typical Workflow to Configure Access Control

To allow only specific users to access a particular functionality, the typical steps are:

  1. Access the User Groups menu in the Admin section of the web app.
  2. Disallow 'All privileges' on the Everyone group. The list of privileges will be displayed.
  3. Configure the privileges for the Everyone group to only allow access to the common functionalities that all users should have access to.
  4. Create a new group.
  5. Add only the users who need access to the particular functionalities to this new group.
  6. Set the privileges on this new group so that only the particular functionalities you want to control access to via this group are allowed.
  7. Ask your users to perform a sync on the field app.
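
The following is an added example, not code from the product: a small Python model of the rules described on this page (additive privileges, the Everyone group, the 'Register subject' implies 'View subject' dependency, and 'View subject' gating everything else) that can be used to reason about who ends up with which privilege. The group names Registrars and Editors, the user names, and the way the View gate is modelled are assumptions; the subject types 'abc' and 'xyz' are the page's own placeholders.

```python
# Constructed model of the rules on this page; names and data are illustrative.
SUBJECT_PRIVS = ("View subject", "Register subject", "Edit subject", "Void subject")
# The page names one implication: 'Register subject' implies 'View subject'.
IMPLIES = {"Register subject": {"View subject"}}

def expand(grants):
    """Return grants plus the privileges they imply, per subject type."""
    out = set(grants)
    for priv, subject_type in grants:
        out |= {(p, subject_type) for p in IMPLIES.get(priv, ())}
    return out

def is_member(user, group):
    # The Everyone group contains every user and nobody can be removed from it.
    return group["members"] == "ALL" or user in group["members"]

def effective(user, groups):
    """Additive rule: union of the grants of every group the user is in."""
    union = set()
    for group in groups.values():
        if is_member(user, group):
            union |= expand(group["grants"])
    # Assumed modelling: 'View subject' gates all other privileges for a type.
    return {(p, s) for p, s in union if ("View subject", s) in union}

def granting_groups(user, priv, subject_type, groups):
    """Audit helper: which of the user's groups grant this privilege?"""
    return sorted(name for name, g in groups.items()
                  if is_member(user, g) and (priv, subject_type) in expand(g["grants"]))

# Default configuration: Everyone grants every privilege for every subject type.
DEFAULT = {"Everyone": {"members": "ALL",
                        "grants": {(p, s) for p in SUBJECT_PRIVS for s in ("abc", "xyz")}}}

# Constructed sample: state after following the workflow above.
GROUPS = {
    "Everyone": {"members": "ALL", "grants": {("View subject", "abc")}},
    "Registrars": {"members": {"asha"},
                   "grants": {("Register subject", "abc"), ("Register subject", "xyz")}},
    "Editors": {"members": {"ravi"}, "grants": {("Edit subject", "xyz")}},
}

if __name__ == "__main__":
    for user in ("asha", "ravi", "meena"):
        print(user, sorted(effective(user, GROUPS)))
    print(granting_groups("asha", "View subject", "abc", GROUPS))
```

Merging `DEFAULT` over `GROUPS` shows why step 2 matters: while the Everyone group still grants everything, membership of the new group restricts nothing, because grants are only ever added.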

What if I have a simple setup with no separate users?

The default configuration will suit your needs and no separate configuration is required.