Add more details to the descriptions of user rights

[MartinWahnschaffe]

Problem Description

Currently they just replicate the caption of the user right

Proposed Solution

• [x] Provide notification descriptions for #10310
• [x] Provide more details on VIEW user rights
• [x] PERSON_VIEW: At least one of CASE_VIEW, CONTACT_VIEW, ...
• [x] SORMAS_REST + UI: Clearly differentiate
• [x] Check for any other user right that may need additional explanation
• [ ] Add a "Place" column that shortly describes where to find the related feature in the Web UI. A dedicated issue will be needed to add this information to the system and the user roles & rights description sheets. Suggested approach: Take the latest version of SORMAS_User_Roles, add a place column and add the "path" as suggested by Saha below. For example: ACTION_CREATE = Events - Event - Event action CASE_VIEW = Cases CASE_MERGE = Cases - More - Merge duplicates SORMAS_TO_SORMAS_SHARE = Cases - Case - Share, Contacts - Contact - Share.

[markusmann-vg]

@JaquM-HZI Can we please have a proposal or a template, what the description should include and what not?

[MartinWahnschaffe]

This is our current status (besides a few new user rights):

User Right | Caption | Description -- | -- | -- CASE_CREATE | Create new cases | Able to create new cases CASE_VIEW | View existing cases | Able to view existing cases CASE_EDIT | Edit existing cases | Able to edit existing cases CASE_TRANSFER | Transfer cases to another region/district/facility | Able to transfer cases to another region/district/facility CASE_REFER_FROM_POE | Refer case from point of entry | Able to refer case from point of entry CASE_INVESTIGATE | Edit case investigation status | Able to edit case investigation status CASE_CLASSIFY | Edit case classification and outcome | Able to edit case classification and outcome CASE_CHANGE_DISEASE | Edit case disease | Able to edit case disease CASE_CHANGE_EPID_NUMBER | Edit case epid number | Able to edit case epid number CASE_DELETE | Delete cases from the system | Able to delete cases from the system CASE_IMPORT | Import cases into SORMAS | Able to import cases into SORMAS CASE_EXPORT | Export cases from SORMAS | Able to export cases from SORMAS CASE_SHARE | Share cases with the whole country | Able to share cases with the whole country CASE_ARCHIVE | Archive cases | Able to archive cases CASE_MERGE | Merge cases | Able to merge cases CASE_RESPONSIBLE | Can be responsible for a case | Can be responsible for a case IMMUNIZATION_VIEW | View existing immunizations and vaccinations | Able to view existing immunizations and vaccinations IMMUNIZATION_CREATE | Create new immunizations and vaccinations | Able to create new immunizations and vaccinations IMMUNIZATION_EDIT | Edit existing immunizations and vaccinations | Able to edit existing immunizations and vaccinations IMMUNIZATION_DELETE | Delete immunizations and vaccinations from the system | Able to delete immunizations and vaccinations from the system IMMUNIZATION_ARCHIVE | Archive immunizations | Able to archive immunizations PERSON_VIEW | View existing persons | Able to view existing persons PERSON_EDIT | Edit existing persons | Able to edit existing persons PERSON_DELETE | Delete persons from the system | Able to delete persons from the system PERSON_CONTACT_DETAILS_DELETE | Delete person contact details | Able to delete person contact details PERSON_EXPORT | Export persons | Able to export persons SAMPLE_CREATE | Create new samples | Able to create new samples SAMPLE_VIEW | View existing samples | Able to view existing samples SAMPLE_EDIT | Edit existing samples | Able to edit existing samples SAMPLE_EDIT_NOT_OWNED | Edit samples reported by other users | Able to edit samples reported by other users SAMPLE_DELETE | Delete samples from the system | Able to delete samples from the system SAMPLE_TRANSFER | Transfer samples to another lab | Able to transfer samples to another lab SAMPLE_EXPORT | Export samples from SORMAS | Able to export samples from SORMAS PATHOGEN_TEST_CREATE | Create new pathogen tests | Able to create new pathogen tests PATHOGEN_TEST_EDIT | Edit existing pathogen tests | Able to edit existing pathogen tests PATHOGEN_TEST_DELETE | Delete pathogen tests from the system | Able to delete pathogen tests from the system ADDITIONAL_TEST_VIEW | View existing additional tests | Able to view existing additional tests ADDITIONAL_TEST_CREATE | Create new additional tests | Able to create new additional tests ADDITIONAL_TEST_EDIT | Edit existing additional tests | Able to edit existing additional tests ADDITIONAL_TEST_DELETE | Delete additional tests from the system | Able to delete additional tests from the system CONTACT_CREATE | Create new contacts | Able to create new contacts CONTACT_IMPORT | Import contacts | Able to import contacts CONTACT_VIEW | View existing contacts | Able to view existing contacts CONTACT_ARCHIVE | Archive contacts | Able to archive contacts CONTACT_ASSIGN | Assign contacts to officers | Able to assign contacts to officers CONTACT_EDIT | Edit existing contacts | Able to edit existing contacts CONTACT_DELETE | Delete contacts from the system | Able to delete contacts from the system CONTACT_CLASSIFY | Edit contact classification | Able to edit contact classification CONTACT_CONVERT | Create resulting cases from contacts | Able to create resulting cases from contacts CONTACT_EXPORT | Export contacts from SORMAS | Able to export contacts from SORMAS CONTACT_REASSIGN_CASE | Reassign the source case of contacts | Able to reassign the source case of contacts CONTACT_MERGE | Merge contacts | Able to merge contacts CONTACT_RESPONSIBLE | Can be responsible for a contact | Can be responsible for a contact MANAGE_EXTERNAL_SYMPTOM_JOURNAL | Manage external symptom journal | Able to manage external symptom journal VISIT_CREATE | Create new visits | Able to create new visits VISIT_EDIT | Edit existing visits | Able to edit existing visits VISIT_DELETE | Delete visits from the system | Able to delete visits from the system VISIT_EXPORT | Export visits from SORMAS | Able to export visits from SORMAS TASK_CREATE | Create new tasks | Able to create new tasks TASK_VIEW | View existing tasks | Able to view existing tasks TASK_EDIT | Edit existing tasks | Able to edit existing tasks TASK_ASSIGN | Assign tasks to users | Able to assign tasks to users TASK_DELETE | Delete tasks from the system | Able to delete tasks from the system TASK_EXPORT | Export tasks from SORMAS | Able to export tasks from SORMAS ACTION_CREATE | Create new actions | Able to create new actions ACTION_DELETE | Delete actions from the system | Able to delete actions from the system ACTION_EDIT | Edit existing actions | Able to edit existing actions EVENT_CREATE | Create new events | Able to create new events EVENT_VIEW | View existing events | Able to view existing events EVENT_EDIT | Edit existing events | Able to edit existing events EVENT_IMPORT | Import events | Able to import events EVENT_EXPORT | Export events from SORMAS | Able to export events from SORMAS EVENT_ARCHIVE | Archive events | Able to archive events EVENT_DELETE | Delete events from the system | Able to delete events from the system EVENT_RESPONSIBLE | Can be responsible for an event | Can be responsible for an event EVENTPARTICIPANT_ARCHIVE | Event participant archive | Able to archive event participants EVENTPARTICIPANT_CREATE | Create new event participants | Able to create new event participants EVENTPARTICIPANT_EDIT | Edit existing event participants | Able to edit existing event participants EVENTPARTICIPANT_DELETE | Delete event participants from the system | Able to delete event participants from the system EVENTPARTICIPANT_IMPORT | Import event participants | Able to import event participants EVENTPARTICIPANT_VIEW | View existing event participants | Able to view existing event participants EVENTGROUP_CREATE | Create new event groups | Able to create new event groups EVENTGROUP_EDIT | Edit existing event groups | Able to edit existing event groups EVENTGROUP_LINK | Link events to event groups | Able to link events to event groups EVENTGROUP_ARCHIVE | Archive event groups | Able to archive event groups EVENTGROUP_DELETE | Delete event groups from the system | Able to delete event groups from the system WEEKLYREPORT_CREATE | Create weekly reports | Able to create weekly reports WEEKLYREPORT_VIEW | View weekly reports | Able to view weekly reports USER_CREATE | Create new users | Able to create new users USER_EDIT | Edit existing users | Able to edit existing users USER_VIEW | View existing users | Able to view existing users SEND_MANUAL_EXTERNAL_MESSAGES | Send manual external messages | Able to send manual external messages STATISTICS_ACCESS | Access statistics | Able to access statistics STATISTICS_EXPORT | Export detailed statistics from SORMAS | Able to export detailed statistics from SORMAS DATABASE_EXPORT_ACCESS | Export the whole database | Able to export the whole database PERFORM_BULK_OPERATIONS | Perform bulk operations in lists | Able to perform bulk operations in lists PERFORM_BULK_OPERATIONS_EVENT | Perform bulk operations in the event directory | Able to perform bulk operations in the event directory PERFORM_BULK_OPERATIONS_EVENTPARTICIPANT | Perform bulk operations in the event participants directory | Able to perform bulk operations in the event participants directory MANAGE_PUBLIC_EXPORT_CONFIGURATION | Manage public export configurations | Able to manage public export configurations PERFORM_BULK_OPERATIONS_CASE_SAMPLES | Perform bulk operations on case samples | Able to perform bulk operations on case samples PERFORM_BULK_OPERATIONS_PSEUDONYM | Perform bulk pseudonomization | Able to perform bulk pseudonomization INFRASTRUCTURE_CREATE | Create new regions/districts/communities/facilities | Able to create new regions/districts/communities/facilities INFRASTRUCTURE_EDIT | Edit regions/districts/communities/facilities | Able to edit regions/districts/communities/facilities INFRASTRUCTURE_VIEW | View regions/districts/communities/facilities in the system | Able to view regions/districts/communities/facilities in the system INFRASTRUCTURE_EXPORT | Export infrastructure data from SORMAS | Able to export infrastructure data from SORMAS INFRASTRUCTURE_IMPORT | Import infrastructure data | Able to import infrastructure data INFRASTRUCTURE_ARCHIVE | Archive infrastructure data | Able to archive infrastructure data DASHBOARD_SURVEILLANCE_VIEW | Access the surveillance supervisor dashboard | Able to access the surveillance supervisor dashboard DASHBOARD_CONTACT_VIEW | Access the contact supervisor dashboard | Able to access the contact supervisor dashboard DASHBOARD_CONTACT_VIEW_TRANSMISSION_CHAINS | View contact transmission chains on the dashboard | Able to view contact transmission chains on the dashboard DASHBOARD_CAMPAIGNS_VIEW | Access campaigns dashboard | Able to access campaigns dashboard CASE_CLINICIAN_VIEW | Access case sections concerned with clinician | Able to access case sections concerned with clinician THERAPY_VIEW | View existing therapies | Able to view existing therapies PRESCRIPTION_CREATE | Create new prescriptions | Able to create new prescriptions PRESCRIPTION_EDIT | Edit existing prescriptions | Able to edit existing prescriptions PRESCRIPTION_DELETE | Delete prescriptions from the system | Able to delete prescriptions from the system TREATMENT_CREATE | Create new treatments | Able to create new treatments TREATMENT_EDIT | Edit existing treatments | Able to edit existing treatments TREATMENT_DELETE | Delete treatments from the system | Able to delete treatments from the system CLINICAL_COURSE_VIEW | View the clinical course of cases | Able to view the clinical course of cases CLINICAL_COURSE_EDIT | Edit the clinical course of cases | Able to edit the clinical course of cases CLINICAL_VISIT_CREATE | Create new clinical visits | Able to create new clinical visits CLINICAL_VISIT_EDIT | Edit existing clinical visits | Able to edit existing clinical visits CLINICAL_VISIT_DELETE | Delete clinical visits from the system | Able to delete clinical visits from the system PORT_HEALTH_INFO_VIEW | View port health info | Able to view port health info PORT_HEALTH_INFO_EDIT | Edit existing port health info | Able to edit existing port health info POPULATION_MANAGE | Manage population data | Able to manage population data DOCUMENT_TEMPLATE_MANAGEMENT | Manage document templates | Able to manage document templates QUARANTINE_ORDER_CREATE | Create new quarantine orders | Able to create new quarantine orders LINE_LISTING_CONFIGURE | Configure line listing | Able to configure line listing AGGREGATE_REPORT_VIEW | Create new aggregate reports | Able to create new aggregate reports AGGREGATE_REPORT_EXPORT | Export aggregate reports from SORMAS | Able to export aggregate reports from SORMAS AGGREGATE_REPORT_EDIT | Edit existing aggregate reports | Able to edit existing aggregate reports SEE_PERSONAL_DATA_IN_JURISDICTION | See personal data in jurisdiction | Able to see personal data in jurisdiction SEE_PERSONAL_DATA_OUTSIDE_JURISDICTION | See personal data outside jurisdiction | Able to see personal data outside jurisdiction SEE_SENSITIVE_DATA_IN_JURISDICTION | See sensitive data in jurisdiction | Able to see sensitive data in jurisdiction SEE_SENSITIVE_DATA_OUTSIDE_JURISDICTION | See sensitive data outside jurisdiction | Able to see sensitive data outside jurisdiction CAMPAIGN_VIEW | View existing campaigns | Able to view existing campaigns CAMPAIGN_EDIT | Edit existing campaigns | Able to edit existing campaigns CAMPAIGN_ARCHIVE | Archive campaigns | Able to archive campaigns CAMPAIGN_DELETE | Delete campaigns from the system | Able to delete campaigns from the system CAMPAIGN_FORM_DATA_VIEW | View existing campaign form data | Able to view existing campaign form data CAMPAIGN_FORM_DATA_EDIT | Edit existing campaign form data | Able to edit existing campaign form data CAMPAIGN_FORM_DATA_ARCHIVE | Archive campaign form data | Able to archive campaign form data CAMPAIGN_FORM_DATA_DELETE | Delete campaign form data from the system | Able to delete campaign form data from the system CAMPAIGN_FORM_DATA_EXPORT | Export campaign form data from SORMAS | Able to export campaign form data from SORMAS BAG_EXPORT | Perform BAG export | Able to perform BAG export SORMAS_TO_SORMAS_SHARE | Share data from one SORMAS instance to another | Able to share data from one SORMAS instance to another EXTERNAL_MESSAGE_VIEW | View and fetch messages | Able to view and fetch messages EXTERNAL_MESSAGE_PROCESS | Work with messages | Able to work with messages EXTERNAL_MESSAGE_DELETE | Delete messages from the system | Able to delete messages PERFORM_BULK_OPERATIONS_EXTERNAL_MESSAGES | Perform bulk operations in messages list | Able to perform bulk operations in messages list TRAVEL_ENTRY_MANAGEMENT_ACCESS | Access the travel entry directory | Able to access the travel entry directory TRAVEL_ENTRY_VIEW | View existing travel entries | Able to view existing travel entries TRAVEL_ENTRY_CREATE | Create new travel entries | Able to create new travel entries TRAVEL_ENTRY_EDIT | Edit existing travel entries | Able to edit existing travel entries TRAVEL_ENTRY_DELETE | Delete travel entries from the system | Able to delete travel entries from the system TRAVEL_ENTRY_ARCHIVE | Archive travel entries | Able to archive travel entries EXPORT_DATA_PROTECTION_DATA | Export data protection data | Able to export data protection data OUTBREAK_VIEW | View outbreaks | Able to view outbreaks OUTBREAK_EDIT | Edit outbreaks | Able to edit outbreaks SORMAS_REST | Access Sormas REST | Able to access the SORMAS REST interface SORMAS_UI | Access Sormas UI | Able to access the SORMAS graphical user interface SORMAS_TO_SORMAS_CLIENT | Sormas to Sormas Client | Techincal user right for the SORMAS to SORMAS interface EXTERNAL_VISITS | External visits | Able to access external visits REST endpoints DEV_MODE | Access developer options | Able to access developer options in the configuration directory

@JaquM-HZI I'm not really sure which of these user rights need a more detailed descriptions. E.g. for CASE_ARCHIVE I don't think it would make sense to explain what archiving means in general - this is something that needs to be explained in other places.

[JaquM-HZI]

@MartinWahnschaffe This table is fine for me, but we should have, like you said, explain the meaning for stuff like archiving, BAG, etc. and maybe we should have in mind, that we know the system really well, but an new SORMAS Admin does not know all the professional terms like travel outbreaks, campaigns, infrastructure, actions or where to find them. So for new users it is not possible to imagine the result of this right. Can we add this information in the third column or a fourth?

[MartinWahnschaffe]

You mean like a general explanation on archiving that is put in a separate column and added to every archiving-related user right? Is there already content on this provided by the Akademie or similar?

[MartinWahnschaffe]

@kwa20 FYI

[SahaLinaPrueger]

@markusmann-vg @MartinWahnschaffe

@JaquM-HZI and I discussed this Issue and we have defined the following points:

• [ ] 1. we need an extra column 'place' where is described where to find the 'result' when the right is activated. For example: ACTION_CREATE = Events - Event - Event Action CASE_VIEW = Cases CASE_MERGE = Cases - more - merge duplicates SORMAS_TO_SORMAS_SHARE = Cases - Case - share AND/OR Contacts - Contact - share. For rights, which have no effect on the UI: Not visible on UI Repetitions are no problem
• [ ] 2. we need an extra column 'other decidable dependencies'. In this column all possible 'OR-behaviours' has to be mentioned. This does not have to be programmed because of the effort, but the user must know that he has to decide here. For example: PERSON_VIEW: At least one of CASE_VIEW, CONTACT_VIEW, EVENT_PARCTICIPANT_VIEW, TRAVEL_ENTRY_VIEW SORMAS_TO_SORMAS_SHARE: At least one of CASE_EDIT, CONTACT_EDIT
• [ ] 3. Update the descriptions of all user rights that are more complicated than "Allows users to view cases"

We decided that HZI will be responsible for Point 3. Everything we can describe, we will describe. Only the things that are unclear to us, we hand over to you. Point 2 should be done for 1.76. Point 1 and 3 can be done for 1.77.

[MartinWahnschaffe]

@SahaLinaPrueger @JaquM-HZI The extra column "place" is a good idea! I have updated the description above accordingly.

On the "other decidable dependencies" column: From my point of view PERSON_VIEW is currently the only user right where this would be relevant, so I'd simply put it into the description there (as done below).

I had a look at the user rights today and have created the following list of user rights and descriptions. For all other user rights I would propose to remove the description, because it's redundant information based on the caption. I guess this is a good start for you when providing additional descriptions for the user rights.

User Right	Group	Caption	Description
CASE_VIEW	Case Surveillance	View existing cases	Able to view cases based on assignment and jurisdiction.
CASE_REFER_FROM_POE	Case Surveillance	Refer case from point of entry	Able to refer a case from a point of entry to a health facility or other place.
IMMUNIZATION_VIEW	Immunization	View existing immunizations and vaccinations	Able to view immunizations and vaccinations based on assignment and jurisdiction.
PERSON_VIEW	Persons	View existing persons	Able to view persons of accessible cases, contacts, events, immunizations or travel entries. At least one related view right should be given as-well.
SAMPLE_VIEW	Sample Testing	View existing samples	Able to view samples based on related cases, contacts, event participants or assignment.
ADDITIONAL_TEST_VIEW	Sample Testing	View existing additional tests	Able to view additional tests of samples.
CONTACT_VIEW	Contact Surveillance	View existing contacts	Able to view contacts based on related cases, assignment and jurisdiction.
TASK_VIEW	Tasks	View existing tasks	Able to view tasks based on assignment and related cases, contacts, events and travel entries.
EVENT_VIEW	Events	View existing events	Able to view events based on assignment, jurisdiction and related cases, event participants and samples.
EVENTPARTICIPANT_VIEW	Events	View existing event participants	Able to view event participants of accessible events.
PORT_HEALTH_INFO_VIEW	Port Health	View port health info	Able to view the port health information of a case.
WEEKLYREPORT_VIEW	Aggregated Reporting	View weekly reports	Able to view weekly reports based on jurisdiction.
WEEKLYREPORT_CREATE	Aggregated Reporting	Create weekly reports	Able to create weekly reports. This functionality is only available for users of the Android app.
AGGREGATE_REPORT_VIEW	Aggregated Reporting	View aggregate reports	Able to view aggregate reports based on jurisdiction.
AGGREGATE_REPORT_EDIT	Aggregated Reporting	Create and edit aggregate reports
SEE_PERSONAL_DATA_IN_JURISDICTION	Data Protection	See personal data in jurisdiction	Fields like the first and last name of a person are considered personal data. See data dictionary for more details on this.
SEE_PERSONAL_DATA_OUTSIDE_JURISDICTION	Data Protection	See personal data outside jurisdiction	Fields like the first and last name of a person are considered personal data. See data dictionary for more details on this.
SEE_SENSITIVE_DATA_IN_JURISDICTION	Data Protection	See sensitive data in jurisdiction	Fields like the responsible user of a case are considered sensitive data. See data dictionary for more details on this.
SEE_SENSITIVE_DATA_OUTSIDE_JURISDICTION	Data Protection	See sensitive data outside jurisdiction	Fields like the responsible user of a case are considered sensitive data. See data dictionary for more details on this.
CAMPAIGN_FORM_DATA_VIEW	Campaigns	View existing campaign form data	Able to view campaign form data based on jurisdiction.
TRAVEL_ENTRY_VIEW	Travel Entries	View existing travel entries	Able to view travel entries based on assignment and jurisdiction.
DOCUMENT_VIEW	Documents	View existing documents	Able to view documents based on related cases, contacts, events, etc.
PERFORM_BULK_OPERATIONS	General	Perform bulk operations in lists	Able to perform bulk operations in lists of all data types that don't have a dedicated user right for bulk operations.
PERFORM_BULK_OPERATIONS_PSEUDONYM	General	Perform bulk operations on pseudonymized data	Able to perform bulk operations even on data that is pseudonymized.
SORMAS_REST	General	Access Sormas Android & ReST	User is allowed to access the SORMAS Android app and ReST API.
SORMAS_UI	General	Access Sormas Web UI	User is allowed to access the SORMAS web application.
SEND_MANUAL_EXTERNAL_MESSAGES	External Systems	Send manual SMS to case persons	Able to send manual SMS to case persons based on their provided mobile phone number.
MANAGE_EXTERNAL_SYMPTOM_JOURNAL	External Systems	Manage external symptom journal	Able to manage the usage of an external symptom journal for individual cases and contacts.
EXTERNAL_VISITS	External Systems	External visits	Technical user right needed to access external visits REST endpoints
SORMAS_TO_SORMAS_CLIENT	External Systems	Sormas to Sormas Client	Technical user right needed to allow external systems to send data to the SORMAS to SORMAS client.
SORMAS_TO_SORMAS_SHARE	External Systems	Share data from one SORMAS instance to another	Able to share accessible cases, contacts, events and external messages including related data to other SORMAS instances.
SORMAS_TO_SORMAS_PROCESS	External Systems	Process shares	Process incoming data shared by another system via SORMAS to SORMAS.
EXTERNAL_MESSAGE_VIEW	External Systems	View and fetch messages	Able to view existing external messages and to manually fetch messages, e.g. from an external laboratory information system.
EXTERNAL_MESSAGE_PROCESS	External Systems	Process messages	Able to process fetched external messages to assign or create samples, cases, contacts, etc.
PERFORM_BULK_OPERATIONS_EXTERNAL_MESSAGES	External Systems	Perform bulk operations in messages list	Able to perform bulk operations in messages list
LINE_LISTING_CONFIGURE	Configuration	Configure line listing	Able to configure the availability of line listing per disease and district.
DEV_MODE	Configuration	Access developer options	Able to access developer options in the configuration directory, e.g. to generate test data.

[SahaLinaPrueger]

Nice, i like the description "based on related cases, contacts...", because this part includes exactly what I meant by the column 'other decidable dependencies'. And even beyond that it makes the user aware of things like jurisdictions. @MartinWahnschaffe Could you please check if everywhere where there has to be a "based on", this is also mentioned?

So SORMAS_TO_SORMAS_SHARE would be for example: Able to share data from one SORMAS instance to another SORMAS instance based on related cases and contacts. (explanation: because without the right to edit cases or edit contacts you are not able to share data) Additional Information: ACTION_CREATE would NOT be: Create new actions based on related events. Can stay as it is, because EVENT_VIEW is already a needed user right of ACTION_CREATE. So we do not have to describe dependencies which are already implemented.

In my opinion this should be enough and we don't need an extra column 'other decidable dependencies'. @JaquM-HZI is also fine with this.

Another little comment: Able to perform bulk oeprations even on data that is pseudonymized has a little spelling mistake 'oeprations'.

[MartinWahnschaffe]

Could you please check if everywhere where there has to be a "based on", this is also mentioned?

Sure, I thought that I did exactly that, but it looks like I missed SORMAS_TO_SORMAS_SHARE. I have added it now. I don't see other user rights that fall into this pattern, so I hope this is complete now.