Before the introduction of Access Control, organisation users with access to the field app could access all functions (i.e. registration, enrolments, search etc.) in the app. There was a need for some implementations to limit access to specific functions in order to reduce the number of options visible to end users and simplify the workflow for them while also providing a mechanism for access control.
Access Control is implemented via User Groups to facilitate this need. This functionality is available to Organisation admins in the Admin section of the Web app under the User Groups menu.
- The access control rules are applicable in the field app, data entry app, and the web app.
- Access control is not applicable to the reporting app.
User Groups represent a collection of users and a set of privileges allowed to these users. User with EditUserGroup and EditUserConfiguration privilege can define as many groups as they need to define the access control required for their organisation. Each group can be assigned a set of privileges (or all privileges using the switch available at the top).
Each user can be added to multiple groups.
If any of the groups that a user belongs to allows a particular privilege, the user will have access to that function.
By default, the system creates an
Everyone and an
Everyone group includes all the users in the organisation.
Administrators group grants all the privileges to allow access to all the functionality.
Users cannot be removed from
Everyone group but the privileges associated with this group can be modified. The has all privileges flag cannot be reset for
The following privileges are available in order to allow organisation admins to configure fine-grained access to functions for the org users. These privileges are configurable per entity type i.e. a group could have the 'View subject' privilege allowed for subject type 'abc' but disallowed for subject type 'xyz'.
- The Subject level privileges are configurable for each Subject Type setup in your organisation.
- The Enrolment level privileges are configurable for each program setup in your organisation.
- The Encounter level privileges are configurable for each Encounter Type (General or Program) setup in your organisation.
- The Checklist level privileges are configurable for each Program containing checklists for your organisation.
|Controls whether field users can see subjects of a particular subject type in the app.
All other privileges are dependent on this privilege. If disallowed, field users cannot see or access any functionality for the specific subject type.
|Allows field users to register new subjects.
|Allows field users to edit previously registered subjects.
|Allows field users to void previously registered subjects.
|Allows field users to add a member to household subject.
|Allows field users to edit previously added household members.
|Allows field users to remove previously added household members.
|Allows field users to enrol a subject into a program.
|View enrolment details
|Allows field users to view the program enrolment details for a subject.
|Edit enrolment details
|Allows field users to edit the program enrolment details for a subject.
|Allows field users to exit a subject from a program.
|Allows field users to view encounters for a subject.
|Allows field users to schedule encounters for a subject.
|Allows field users to perform encounters for a subject.
|Allows field users to edit previously saved encounter details.
|Allows field users to cancel a previously scheduled encounter.
|Allows field users to void an encounter
|Allows field users to view checklist.
|Allows field users to edit checklist.
* Only for 'Household' subject types
** Only available as part of Avni 4.0 release (not a full list)
Some of these privileges imply others. For example, allowing the 'Register Subject' privilege implies that the group will also have 'View Subject' allowed. The system handles these dependencies automatically.
You can add all your users to the
Yes some of the app designer and admin user interface (or non-operational data) is open to all users with read access. This data is not confidential in any of the implementations of Avni, hence this has been kept open for any user with login to the organisation.
No, the server also check for the access privileges of the user.
Access of super admin is restricted to non-operational data of the organisations. Operational data cannot be viewed as well by super admin. This is to provide visibility to the organisations about who can view their data.
Updated 3 months ago