Non-admin users in the CHT are linked to a place and a contact (see facility_id in schema). With the addition of custom user management roles, we can now make many user-manager accounts with each one linked to a single place and contact.
After this change, these non-admin users:
Can only create users at or below their place in the CHT hierarchy
Can only see search results which are under their place in the CHT hierarchy
Must be linked to a place or they cannot log in to the CHT user management tool
Note that this is UI sugar and does not actually limit the permissions of these CHT user accounts. Users with these roles are able to create users anywhere on the instance (including other user manager users) via the CHT API. This is security through obfuscation. Core feature request: https://github.com/medic/cht-core/issues/8876
fyi @jonathanbataire @freddieptf
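
The "at or below their place" rule from the description above, enforced on the server instead of in the UI, as an added example that is not code from cht-core or the user management tool. It assumes stored place documents carry their lineage as nested `parent` objects and that `facility_id` is a single string; `PLACES`, `lineageIds` and `authorizeCreateUser` are hypothetical names.

```javascript
// Added example: hypothetical server-side check, not cht-core code.
// Constructed sample hierarchy; each stored place doc carries its lineage
// as nested parent ids (assumed shape).
const PLACES = new Map([
  ['district-a', { _id: 'district-a' }],
  ['hc-1', { _id: 'hc-1', parent: { _id: 'district-a' } }],
  ['area-1', { _id: 'area-1', parent: { _id: 'hc-1', parent: { _id: 'district-a' } } }],
  ['district-b', { _id: 'district-b' }],
  ['hc-2', { _id: 'hc-2', parent: { _id: 'district-b' } }],
]);

// Ids from the place itself up to the root of the hierarchy.
function lineageIds(place) {
  const ids = [];
  for (let node = place; node && node._id; node = node.parent) {
    if (ids.includes(node._id)) throw new Error('cyclic lineage');
    ids.push(node._id);
  }
  return ids;
}

// Decide whether `requester` may create a user at `placeId`.
// The lineage is read from the server's stored doc, never from the request body.
function authorizeCreateUser(requester, placeId, places = PLACES) {
  if (!requester || typeof requester.facility_id !== 'string' || !requester.facility_id) {
    return { allowed: false, reason: 'requester is not linked to a place' };
  }
  const target = places.get(placeId);
  if (!target) {
    return { allowed: false, reason: 'unknown place' };
  }
  // Allowed only at the requester's own place or one of its descendants.
  if (!lineageIds(target).includes(requester.facility_id)) {
    return { allowed: false, reason: 'place is outside the requester hierarchy' };
  }
  return { allowed: true, reason: 'place is at or below the requester place' };
}
```

A check of this kind only restricts accounts if it runs wherever the user-creation request is actually authorized; run in the client, it has the same limits as the UI filtering.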