Re: [Dhis2-users] data level sharing and access control in 2.29

2018-04-16 Thread Markus Bekken 
Hi there!
To capture data for a given organization unit in the tree a user will need to 
have access to capture data for the organization or a parent, and you would 
also need Can capture data authority for the program, program stage or data 
set. The new data sharing levels work much the same as the old user role based 
program/dataset access, but provides more fine-grained options for giving 
access only to parts of a program. Hope this answers your question - let us 
know how well the new sharing levels fit your use case!

Markus

> 16. apr. 2018 kl. 13:09 skrev arungatom65 :
> 
> Halo Lars and Team
> Thanks alot for this update hopefully it will enhance access and control 
> rights to information sharing. Will it work within the cascade of hierarchy 
> of orgunits or pegged on the level of user roles?
> Thanks
> 
> 
> 
> Sent from my Samsung Galaxy smartphone.
>  Original message 
> From: Lars Helge Øverland mailto:l...@dhis2.org>> 
> Date: 16/04/2018 11:52 (GMT+03:00)
> To: DHIS 2 Users list  >, DHIS 2 Developers list 
> mailto:dhis2-d...@lists.launchpad.net>> 
> Subject: [Dhis2-users] data level sharing and access control in 2.29
> 
> 
> Hi all,
> 
> in 2.29 we introduced a significant change in the access control solution in 
> DHIS 2.
> 
> In essence, two new levels within the sharing solution were introduced: Can 
> capture data and Can view data. These levels applies to capturing data/events 
> and viewing data/events in analytics, and complements the two existing levels 
> so that we now have:
> 
> Metadata
> --
> 1. Can edit and view metadata
> 2. Can view metadata
> 
> Data/events
> --
> 3. Can capture and view data
> 4. Can view data
> 
> 
> This means that you can now control who can capture data for data sets, 
> programs and program stages through the sharing solution. Previous to 2.29 
> this was done through user roles, where data sets and programs were 
> associated with user roles.
> 
> You can also control who can see data in analytics for programs and category 
> options through the new "can view data" sharing level.
> 
> 
> We have updated the sharing user documentation to reflect this:
> 
> https://docs.dhis2.org/master/en/user/html/sharing.html 
> 
> 
> 
> We have also have some excellent new videos which elaborates on this topic - 
> look for "Data level sharing":
> 
> https://www.dhis2.org/spotlight 
> 
> 
> The motivation behind this change in the access control model is:
> 
> - It provides a single place to control access to DHIS 2 objects. The user 
> role associations to data sets and programs have been removed and replaced by 
> the mentioned sharing levels.
> 
> - It opens for more flexibility in access control. Going forward we plan to 
> introduce more fine-grained data level sharing and include support for 
> entities like data elements and tracked entity attributes.
> 
> - It allows better control over who can view data in analytics, in particular 
> for program and tracker data.
> 
> 
> The 2.29 upgrade script will create a user group per user role and share 
> those groups with the appropriate data sets and programs. You can of course 
> opt not to run this part of the script and instead do the upgrade manually.
> 
> https://github.com/dhis2/dhis2-utils/blob/master/resources/sql/upgrade-229.sql
>  
> 
> 
> 
> best regards,
> 
> Lars
> 
> 
> PS. thanks Nick Dutta for excellent videos.
> 
> 
> -- 
> Lars Helge Øverland
> Technical lead, DHIS 2
> University of Oslo
> l...@dhis2.org 
> https://www.dhis2.org 
> 
> ___
> Mailing list: https://launchpad.net/~dhis2-users 
> 
> Post to : dhis2-users@lists.launchpad.net 
> 
> Unsubscribe : https://launchpad.net/~dhis2-users 
> 
> More help   : https://help.launchpad.net/ListHelp 
> 
___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

Re: [Dhis2-users] data level sharing and access control in 2.29

2018-04-16 Thread arungatom65 
Halo Lars and TeamThanks alot for this update hopefully it will enhance access 
and control rights to information sharing. Will it work within the cascade of 
hierarchy of orgunits or pegged on the level of user roles?Thanks


Sent from my Samsung Galaxy smartphone. Original message From: 
Lars Helge Øverland  Date: 16/04/2018  11:52  (GMT+03:00) To: 
DHIS 2 Users list , DHIS 2 Developers list 
 Subject: [Dhis2-users] data level sharing and 
access control in 2.29 

Hi all,
in 2.29 we introduced a significant change in the access control solution in 
DHIS 2.
In essence, two new levels within the sharing solution were introduced: Can 
capture data and Can view data. These levels applies to capturing data/events 
and viewing data/events in analytics, and complements the two existing levels 
so that we now have:
Metadata--1. Can edit and view metadata2. Can view metadata
Data/events--3. Can capture and view data4. Can view data

This means that you can now control who can capture data for data sets, 
programs and program stages through the sharing solution. Previous to 2.29 this 
was done through user roles, where data sets and programs were associated with 
user roles.
You can also control who can see data in analytics for programs and category 
options through the new "can view data" sharing level.

We have updated the sharing user documentation to reflect this:
https://docs.dhis2.org/master/en/user/html/sharing.html


We have also have some excellent new videos which elaborates on this topic - 
look for "Data level sharing":
https://www.dhis2.org/spotlight


The motivation behind this change in the access control model is:

- It provides a single place to control access to DHIS 2 objects. The user role 
associations to data sets and programs have been removed and replaced by the 
mentioned sharing levels.
- It opens for more flexibility in access control. Going forward we plan to 
introduce more fine-grained data level sharing and include support for entities 
like data elements and tracked entity attributes.
- It allows better control over who can view data in analytics, in particular 
for program and tracker data.

The 2.29 upgrade script will create a user group per user role and share those 
groups with the appropriate data sets and programs. You can of course opt not 
to run this part of the script and instead do the upgrade manually.
https://github.com/dhis2/dhis2-utils/blob/master/resources/sql/upgrade-229.sql


best regards,
Lars

PS. thanks Nick Dutta for excellent videos.

-- 
Lars Helge Øverland
Technical lead, DHIS 2University of oslol...@dhis2.org
https://www.dhis2.org


___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

Re: [Dhis2-users] data level sharing and access control in 2.29

2018-04-16 Thread Pamod Amarakoon 
Thank you Lars and the team for introducing this useful set of features and
Nick for the excellent video demonstrations.

On Mon, Apr 16, 2018 at 2:22 PM, Lars Helge Øverland  wrote:

>
> Hi all,
>
> in 2.29 we introduced a significant change in the access control solution
> in DHIS 2.
>
> In essence, two new levels within the sharing solution were introduced: *Can
> capture data* and *Can view data*. These levels applies to capturing
> data/events and viewing data/events in analytics, and complements the two
> existing levels so that we now have:
>
> Metadata
> --
> 1. Can edit and view metadata
> 2. Can view metadata
>
> Data/events
> --
> 3. Can capture and view data
> 4. Can view data
>
>
> This means that you can now control who can capture data for data sets,
> programs and program stages through the sharing solution. Previous to 2.29
> this was done through user roles, where data sets and programs were
> associated with user roles.
>
> You can also control who can see data in analytics for programs and
> category options through the new "can view data" sharing level.
>
>
> We have updated the sharing user *documentation* to reflect this:
>
> https://docs.dhis2.org/master/en/user/html/sharing.html
>
>
> We have also have some excellent new *videos* which elaborates on this
> topic - look for "Data level sharing":
>
> https://www.dhis2.org/spotlight
>
>
> The *motivation* behind this change in the access control model is:
>
> - It provides a single place to control access to DHIS 2 objects. The user
> role associations to data sets and programs have been removed and replaced
> by the mentioned sharing levels.
>
> - It opens for more flexibility in access control. Going forward we plan
> to introduce more fine-grained data level sharing and include support for
> entities like data elements and tracked entity attributes.
>
> - It allows better control over who can view data in analytics, in
> particular for program and tracker data.
>
>
> The 2.29 *upgrade* script will create a user group per user role and
> share those groups with the appropriate data sets and programs. You can of
> course opt not to run this part of the script and instead do the upgrade
> manually.
>
> https://github.com/dhis2/dhis2-utils/blob/master/
> resources/sql/upgrade-229.sql
>
>
> best regards,
>
> Lars
>
>
> PS. thanks Nick Dutta for excellent videos.
>
>
> --
> Lars Helge Øverland
> Technical lead, DHIS 2
> University of Oslo
> l...@dhis2.org
> https://www.dhis2.org
>
>
> ___
> Mailing list: https://launchpad.net/~dhis2-users
> Post to : dhis2-users@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Regards,
Pamod Amarakoon
MBBS (SL)
MSc (Biomedical Informatics), EMSc (Health Admin), PGCert (MedEd), CEH
HISP Sri Lanka

Confidentiality Notice: the information contained in this email and any
attachments may be legally privileged and confidential. If you are not an
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this e-mail is strictly prohibited. If you have
received this e-mail in error, please notify the sender and permanently
delete the e-mail and any attachments immediately. You should not retain,
copy or use this e-mail or any attachments for any purpose, nor disclose
all or any part of the contents to any other person.
___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp