Delegated authority

[anninawersun]

Problem statement

Those responsible for registration e.g. Registrar are not always the ones conducting the actual work.

Proposed work

• A registrar can delegate authority to an agent in their office.
• System admin can delegate authority
• Delegated authority means a Registration agent can register applications and this is tracked and viewable by the Registrar.

Success criteria

(The criteria that must be met in order to consider this piece of work a success)

User stories

• GIVEN I am a registrar WHEN I am on the team page THEN I can see all the users in my team

• GIVEN I click on the sub menu icon WHEN I that user is an agent THEN I can see the delegate authority action button

• GIVEN I click on the sub menu icon WHEN I that user is an agent THEN I can see the delegate authority action button

Design

https://www.figma.com/file/HplYu3vGJjAz3u1AmNJ50C/00.OpenCRVS-Specifications?node-id=1196%3A5

Scope

(Current requirements)

Future work

(Future requirements)

[euanmillar]

Some technical notes and some rough estimation: (2 sprints of work including QA)

1. User-mgnt & Auth: A new scope should be created "del-auth" replacing "validate" in the JWT. We need to force the reg agent to log out and log back in again so we have to invalidate any token - 3
2. User-mgnt: In the user model of the registration agent, there should be a single string of userID for the registrar to which this user is acting on behalf of and assigning this value - 3
3. Workflow microservice: Audit trail ... When registering as a reg agent with delegated authority, we must insert a new task type into history of something like "APPROVAL_TO_REGISTER_WITH_DEL_AUTH" before the register step that tracks that "The registration agent approved this application to be registered with delegated authority". - 3
4. Workflow microservice: Adjust the regLastLocation, regLastPractitioner values so that certificate has the right signature. - 2
5. Client - Application: Introduce new text for task history - 2, user settings - 1
6. Client - Team: Form to assign delegated authority and additionally select the registrar to whom you are giving permission to act on behalf of. Must be able to remove delegated authority. List must have some indication that this reg agent has delegated authority. - 3
7. Metrics: We must handle the new delegated authority event so that the audit trail on employees and applications is handled appropriately in the Performance views - 2
8. Search: We must handle the new delegated authority event so that task history is updated in the client Application view. - 2
9. Add 10% contingency for unknown bugs, amends in QA - 3

[eduffus]

Requires a legal basis to be implementable. Once we have a country that wants this we can build.