Open MartinWahnschaffe opened 1 year ago
@JaquM-HZI Can we please have a proposal or a template, what the description should include and what not?
This is our current status (besides a few new user rights):
@JaquM-HZI I'm not really sure which of these user rights need a more detailed descriptions. E.g. for CASE_ARCHIVE I don't think it would make sense to explain what archiving means in general - this is something that needs to be explained in other places.
@MartinWahnschaffe This table is fine for me, but we should have, like you said, explain the meaning for stuff like archiving, BAG, etc. and maybe we should have in mind, that we know the system really well, but an new SORMAS Admin does not know all the professional terms like travel outbreaks, campaigns, infrastructure, actions or where to find them. So for new users it is not possible to imagine the result of this right. Can we add this information in the third column or a fourth?
You mean like a general explanation on archiving that is put in a separate column and added to every archiving-related user right? Is there already content on this provided by the Akademie or similar?
@kwa20 FYI
@markusmann-vg @MartinWahnschaffe
@JaquM-HZI and I discussed this Issue and we have defined the following points:
We decided that HZI will be responsible for Point 3. Everything we can describe, we will describe. Only the things that are unclear to us, we hand over to you. Point 2 should be done for 1.76. Point 1 and 3 can be done for 1.77.
@SahaLinaPrueger @JaquM-HZI The extra column "place" is a good idea! I have updated the description above accordingly.
On the "other decidable dependencies" column: From my point of view PERSON_VIEW is currently the only user right where this would be relevant, so I'd simply put it into the description there (as done below).
I had a look at the user rights today and have created the following list of user rights and descriptions. For all other user rights I would propose to remove the description, because it's redundant information based on the caption. I guess this is a good start for you when providing additional descriptions for the user rights.
User Right | Group | Caption | Description |
---|---|---|---|
CASE_VIEW | Case Surveillance | View existing cases | Able to view cases based on assignment and jurisdiction. |
CASE_REFER_FROM_POE | Case Surveillance | Refer case from point of entry | Able to refer a case from a point of entry to a health facility or other place. |
IMMUNIZATION_VIEW | Immunization | View existing immunizations and vaccinations | Able to view immunizations and vaccinations based on assignment and jurisdiction. |
PERSON_VIEW | Persons | View existing persons | Able to view persons of accessible cases, contacts, events, immunizations or travel entries. At least one related view right should be given as-well. |
SAMPLE_VIEW | Sample Testing | View existing samples | Able to view samples based on related cases, contacts, event participants or assignment. |
ADDITIONAL_TEST_VIEW | Sample Testing | View existing additional tests | Able to view additional tests of samples. |
CONTACT_VIEW | Contact Surveillance | View existing contacts | Able to view contacts based on related cases, assignment and jurisdiction. |
TASK_VIEW | Tasks | View existing tasks | Able to view tasks based on assignment and related cases, contacts, events and travel entries. |
EVENT_VIEW | Events | View existing events | Able to view events based on assignment, jurisdiction and related cases, event participants and samples. |
EVENTPARTICIPANT_VIEW | Events | View existing event participants | Able to view event participants of accessible events. |
PORT_HEALTH_INFO_VIEW | Port Health | View port health info | Able to view the port health information of a case. |
WEEKLYREPORT_VIEW | Aggregated Reporting | View weekly reports | Able to view weekly reports based on jurisdiction. |
WEEKLYREPORT_CREATE | Aggregated Reporting | Create weekly reports | Able to create weekly reports. This functionality is only available for users of the Android app. |
AGGREGATE_REPORT_VIEW | Aggregated Reporting | View aggregate reports | Able to view aggregate reports based on jurisdiction. |
AGGREGATE_REPORT_EDIT | Aggregated Reporting | Create and edit aggregate reports | |
SEE_PERSONAL_DATA_IN_JURISDICTION | Data Protection | See personal data in jurisdiction | Fields like the first and last name of a person are considered personal data. See data dictionary for more details on this. |
SEE_PERSONAL_DATA_OUTSIDE_JURISDICTION | Data Protection | See personal data outside jurisdiction | Fields like the first and last name of a person are considered personal data. See data dictionary for more details on this. |
SEE_SENSITIVE_DATA_IN_JURISDICTION | Data Protection | See sensitive data in jurisdiction | Fields like the responsible user of a case are considered sensitive data. See data dictionary for more details on this. |
SEE_SENSITIVE_DATA_OUTSIDE_JURISDICTION | Data Protection | See sensitive data outside jurisdiction | Fields like the responsible user of a case are considered sensitive data. See data dictionary for more details on this. |
CAMPAIGN_FORM_DATA_VIEW | Campaigns | View existing campaign form data | Able to view campaign form data based on jurisdiction. |
TRAVEL_ENTRY_VIEW | Travel Entries | View existing travel entries | Able to view travel entries based on assignment and jurisdiction. |
DOCUMENT_VIEW | Documents | View existing documents | Able to view documents based on related cases, contacts, events, etc. |
PERFORM_BULK_OPERATIONS | General | Perform bulk operations in lists | Able to perform bulk operations in lists of all data types that don't have a dedicated user right for bulk operations. |
PERFORM_BULK_OPERATIONS_PSEUDONYM | General | Perform bulk operations on pseudonymized data | Able to perform bulk operations even on data that is pseudonymized. |
SORMAS_REST | General | Access Sormas Android & ReST | User is allowed to access the SORMAS Android app and ReST API. |
SORMAS_UI | General | Access Sormas Web UI | User is allowed to access the SORMAS web application. |
SEND_MANUAL_EXTERNAL_MESSAGES | External Systems | Send manual SMS to case persons | Able to send manual SMS to case persons based on their provided mobile phone number. |
MANAGE_EXTERNAL_SYMPTOM_JOURNAL | External Systems | Manage external symptom journal | Able to manage the usage of an external symptom journal for individual cases and contacts. |
EXTERNAL_VISITS | External Systems | External visits | Technical user right needed to access external visits REST endpoints |
SORMAS_TO_SORMAS_CLIENT | External Systems | Sormas to Sormas Client | Technical user right needed to allow external systems to send data to the SORMAS to SORMAS client. |
SORMAS_TO_SORMAS_SHARE | External Systems | Share data from one SORMAS instance to another | Able to share accessible cases, contacts, events and external messages including related data to other SORMAS instances. |
SORMAS_TO_SORMAS_PROCESS | External Systems | Process shares | Process incoming data shared by another system via SORMAS to SORMAS. |
EXTERNAL_MESSAGE_VIEW | External Systems | View and fetch messages | Able to view existing external messages and to manually fetch messages, e.g. from an external laboratory information system. |
EXTERNAL_MESSAGE_PROCESS | External Systems | Process messages | Able to process fetched external messages to assign or create samples, cases, contacts, etc. |
PERFORM_BULK_OPERATIONS_EXTERNAL_MESSAGES | External Systems | Perform bulk operations in messages list | Able to perform bulk operations in messages list |
LINE_LISTING_CONFIGURE | Configuration | Configure line listing | Able to configure the availability of line listing per disease and district. |
DEV_MODE | Configuration | Access developer options | Able to access developer options in the configuration directory, e.g. to generate test data. |
Nice, i like the description "based on related cases, contacts...", because this part includes exactly what I meant by the column 'other decidable dependencies'. And even beyond that it makes the user aware of things like jurisdictions. @MartinWahnschaffe Could you please check if everywhere where there has to be a "based on", this is also mentioned?
So SORMAS_TO_SORMAS_SHARE would be for example: Able to share data from one SORMAS instance to another SORMAS instance based on related cases and contacts. (explanation: because without the right to edit cases or edit contacts you are not able to share data) Additional Information: ACTION_CREATE would NOT be: Create new actions based on related events. Can stay as it is, because EVENT_VIEW is already a needed user right of ACTION_CREATE. So we do not have to describe dependencies which are already implemented.
In my opinion this should be enough and we don't need an extra column 'other decidable dependencies'. @JaquM-HZI is also fine with this.
Another little comment: Able to perform bulk oeprations even on data that is pseudonymized has a little spelling mistake 'oeprations'.
Could you please check if everywhere where there has to be a "based on", this is also mentioned?
Sure, I thought that I did exactly that, but it looks like I missed SORMAS_TO_SORMAS_SHARE. I have added it now. I don't see other user rights that fall into this pattern, so I hope this is complete now.
Problem Description
Currently they just replicate the caption of the user right
Proposed Solution