.permissions
User Permissions: Assigning fine grained settings for user roles
Permissions are defined by the permissions object in the base_settings.json file. The list below illustrates the available system defined permissions. To utilize a permission, you will need to first add the permission as a property of the permissions object, and then associate the permission to user role(s).
Permissions can be assigned to user roles either directly in base_settings.json as an array of user role identifiers, or configured in the App Management app.
See Also: User roles
System defined permissions
| Property | Description |
|---|---|
can_edit | This is probably one of the most important permissions in CHT Framework. It allows creating, editing and deleting documents in CouchDB’s medic database. This permission overrides any other permission in this list. |
can_access_gateway_api | Allows access to gateway API |
can_aggregate_targets | Allows access to Target Aggregates page |
can_bulk_delete_reports | Allows users to select multiple reports and delete |
can_configure | Allows update of configuration parameters |
can_upgrade | Allows upgrades of the CHT Core Framework version via the API or admin interface |
can_create_people | Allows creation & editing of person contacts |
can_create_places | Allows creation & editing of place contacts |
can_create_records | Allows creation of reports |
can_create_users | Allows creation of user logins |
can_delete_contacts | Allows deletion of people and places |
can_delete_messages | Allows deletion of messages |
can_delete_reports | Allows deletion of reports |
can_delete_users | Allows deletion of users |
can_edit_profile | Allows editing of their own user profile |
can_edit_verification | Allows setting and editing of report verification status. To block the user from updating the existing status, use can_verify_reports instead. |
can_export_all | Allows export of data including data they do not have access to |
can_export_contacts | Allows export of contacts |
can_export_dhis | Allows export of DHIS2 metrics |
can_export_feedback | Allows export of user feedback |
can_export_messages | Allows export of reports and messages |
can_log_out_on_android | Displays logout menu item in hamburger menu for Android users and can be used to log out from the application |
can_update_places | Allows editing of place documents |
can_update_reports | Allows editing of report documents |
can_update_users | Allows editing of user documents |
can_verify_reports | Allows setting report verification status if no status is currently set. To allow the user to update the existing status, use can_edit_verification instead. |
can_view_analytics | Allows access to in-app analytics |
can_view_analytics_tab | Displays analytics tab on the application |
can_view_call_action | Displays a button to call the selected person |
can_view_contacts | Allows viewing contacts |
can_view_contacts_tab | Displays the contacts tab in the application |
can_view_last_visited_date | Enable display of the date a family was last visited |
can_view_message_action | Displays a button to send a message to the selected contact |
can_view_messages | Allows viewing messages |
can_view_messages_tab | Displays the messages tab in the application |
can_view_outgoing_messages | Allows viewing outgoing messages when logged in as an administrator |
can_view_reports | Allows viewing reports |
can_view_reports_tab | Displays the reports tab in the application |
can_view_tasks | Allows viewing tasks |
can_view_tasks_tab | Displays tasks tab in the application |
can_view_tasks_group | Displays all available tasks within same place after submitting |
can_view_uhc_stats | Allows users to view UHC metrics |
can_view_unallocated_data_records | Allows viewing reports that have no associated contact |
can_view_users | Allows viewing all user accounts |
can_write_wealth_quintiles | Allows updating contacts with wealth quintile information |
can_view_old_filter_and_search | Allows users to see the old filter and search in Reports Tab and Contact Tab which is considered deprecated and will be completely removed in a future release. Admin user will always see the new redesigned filter. See Feature Flags for more info. |
can_view_old_action_bar | Allows users to see the old action bar in Message Tab, Reports Tab and Contact Tab which is considered deprecated and will be completely removed in a future release. The More Options menu will be hidden when this permission is enabled. The Admin user will always see the new More Options menu. See Feature Flags for more info. |
can_default_facility_filter | Defaults the Place Filter in Reports tab to the user’s associated facility. The user should have a contact associated that belongs to a facility. This feature is not available for Admin and Offline type of users. Use with caution, online users that can access thousands of reports can experience slow performance especially where the network is slow. Added in 4.3. |
Code sample
This sample shows how to define the permissions object in the base_settings.json file. Observe how can_edit permission has been associated to supervisor_role and chw_role user roles.
"permissions": {
"can_edit": [ "supervisor_role", "chw_role" ],
"can_access_gateway_api": [ "supervisor_role" ],
"can_aggregate_targets": [ "supervisor_role", "chw_role" ],
...
...
}
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified 14.08.2023: chore: default filter clarification (#1150) (1efa7934)