List of permissions and their meaning

[Jørn Ivar Klungsøyr]

Hi,

Do we have a list somewhere of the many permissions and their specific meaning?

Thanx,  

Jørn

 

____________________________________________________________________________
Jorn Klungsoyr
openXdata - Centre for International Health, University of Bergen, Norway
www.openxdata.org / www.cih.uib.no / www.openrosa.org / www.open-mobile.org
Mobile: +4791365731, Skype/GoogleTalk: jornklung Alternative email: jorn.kl...@gmail.com
Post: Postboks 7800, 5020 Bergen, Visit: Årstadveien 21, 5th Floor, Bergen
                       ------¤¤¤¤------

 

[Sarah Bird]

not that I'm aware of - would be useful though.

bird

--
You received this message because you are subscribed to the Google Groups "openXdata Users" group.
To post to this group, send email to openxda...@googlegroups.com.
To unsubscribe from this group, send email to openxdata-use...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openxdata-users?hl=en.

[Dagmar Timler]

There is a short description in the table, but it is not always very helpful. Also I think some of the permissions have become unused since the move to the dashboard. Perhaps we need a ticket to cleanup and document the permissions?

Dagmar

[Jørn Ivar Klungsøyr]

Thanx,

 

Also just found (as you said) that there is a description of the permissions in the database table permissions.

 

Creating a ticket for as you propose sounds like a good idea.

 

Was this not earlier more accessible in the admin console?

I thought there was a panel for defining the permissions.

I may recall wrongly :)

 

Jørn

 

 

____________________________________________________________________________
Jorn Klungsoyr
openXdata - Centre for International Health, University of Bergen, Norway
www.openxdata.org / www.cih.uib.no / www.openrosa.org / www.open-mobile.org
Mobile: +4791365731, Skype/GoogleTalk: jornklung Alternative email: jorn.kl...@gmail.com
Post: Postboks 7800, 5020 Bergen, Visit: Årstadveien 21, 5th Floor, Bergen
                       ------¤¤¤¤------

 

[Dagmar Timler]

Hi

Yes there was a panel to define permissions quite a few releases ago, but as they can only be used in the code it was decided that there was little point to maintaining a UI and permissions should be added by developers directly in the database via liquibase updates.

Dagmar

[Jørn Ivar Klungsøyr]

Sounds good, so what we should probably have is a simple UI listing of those permissions.
I’ll create a ticket for that.

 

Attached is a matrix of what is there today.

 

Best jørn

[Mark Gerard]

+1

Mark

On Nov 16, 2011, at 2:59 PM, Dagmar Timler wrote:

Hi

There is a listing of permissions - when you are assigning them to a Role. I think perhaps that UI should be improved rather than creating a new one. E.g. perhaps clicking on the Role will pull up the description in a component underneath the list.

Dagmar

[Dagmar Timler]

Sorry what I meant to say is that clicking on a Permission will show the description in a component underneath the list.

On Wed, Nov 16, 2011 at 3:59 PM, Dagmar Timler <diggi...@gmail.com> wrote:

Hi

There is a listing of permissions - when you are assigning them to a Role. I think perhaps that UI should be improved rather than creating a new one. E.g. perhaps clicking on the Role will pull up the description in a component underneath the list.

Dagmar

[Dagmar Timler]

Hi

There is a listing of permissions - when you are assigning them to a Role. I think perhaps that UI should be improved rather than creating a new one. E.g. perhaps clicking on the Role will pull up the description in a component underneath the list.

Dagmar

[Jørn Ivar Klungsøyr]

That would be a good solution.

Created a ticket for that.

https://trac.openxdata.org/ticket/558

Best

[Dagmar Timler]

Hi

I have done some work on a ticket that provides details on how the permissions are used in the system.

https://trac.openxdata.org/ticket/559

I also added some SQL to the ticket to produce a report in the matrix format.

Thanks

Dagmar

--

[Sarah Bird]

Dagmar,

This is awesome - thanks!

Can I turn the spreadsheet that you've attached into a wiki page?

Best,

Bird

[Dagmar Timler]

That would be great, but perhaps consider leaving out the "backend @Secured" column - not sure how useful that column is to non-techies (you could just say that all the permissions are used to secure the services available on the server).

I'm going to follow up and delete some of the un-used permissions, so I can update the page after that.

[Sarah Bird]

Hi Dagmar,

I've completed the wiki page: https://trac.openxdata.org/wiki/permissions

I'm looking at Role_Data_Collector vs Role_Mobile_User

Mobile User

• Role_Mobile_User
• collects data via mobile phone
  • Perm_Add_Form_Data
  • Perm_Edit_My_Form_Data
  • Perm_View_Forms
  • Perm_View_Studies
  • Perm_View_Users

Data Collector

• Role_Data_Collector
• collects data online
  • Perm_Add_Form_Data
  • Perm_Dashboard
  • Perm_Edit_My_User
  • Perm_View_Forms
  • Perm_View_Studies

Given that they are similar roles but on a different platform I am wondering about the differences in permissions.

They have the following permissions in common (makes sense):

• Perm_Add_Form_Data
• Perm_View_Forms
• Perm_View_Studies

Role_Data_Collector has the unique permissions (makes sense):

• Perm_Dashboard
• Perm_Edit_My_User <- should we update the description to explicitly state that edit is done through the Dashboard UI

Role_Mobile_User has the unique permissions:

• Perm_Edit_My_Form_Data
• Perm_View_Users

My two questions:

1) Why doesn't the Role_Data_Collector have permission to edit their own form data if the mobile use does
2) Why does the mobile user have the View_Users permission. I am guessing this has something to do with the need to download users to the mobile client to authenticate. If so then we should just update the description of the permission to reflect this.

Cheers,

Bird