User Permissions: Assigning fine grained settings for user roles

Permissions are defined by the permissions object in the base_settings.json file. Permissions can also be configured using the App Management app. Each permission is defined as an array of user role identifiers that have the permission granted.

See Also: User roles

app_settings.json .permissions{}

can_access_gateway_apiAllows access to gateway API
can_aggregate_targetsAllows access to Target Aggregates page
can_bulk_delete_reportsAllows users to select multiple reports and delete
can_configureAllows update of configuration parameters
can_upgradeAllows upgrades of the CHT Core Framework version via the API or admin interface
can_create_peopleAllows creation & editing of person contacts
can_create_placesAllows creation & editing of place contacts
can_create_recordsAllows creation of reports
can_create_usersAllows creation of user logins
can_delete_contactsAllows deletion of people and places
can_delete_messagesAllows deletion of messages
can_delete_reportsAllows deletion of reports
can_delete_usersAllows deletion of users
can_editAllows editing of documents in CouchDB
can_edit_profileAllows editing of their own user profile
can_edit_verificationAllows updating of report verification status
can_export_allAllows export of data including data they do not have access to
can_export_contactsAllows export of contacts
can_export_dhisAllows export of DHIS2 metrics
can_export_feedbackAllows export of user feedback
can_export_messagesAllows export of reports and messages
can_log_out_on_androidDisplays logout menu item in hamburger menu for android users and can be used to log out form the application
can_update_placesAllows editing of place documents
can_update_reportsAllows editing of report documents
can_update_usersAllows editing of user documents
can_verify_reportsAllows update of report verification status
can_view_analyticsAllows access to in-app analytics
can_view_analytics_tabDisplays analytics tab on the application
can_view_call_actionDisplays a button to call the selected person
can_view_contactsAllows viewing contacts
can_view_contacts_tabDisplays the contacts tab in the application
can_view_last_visited_dateEnable display of the date a family was last visited
can_view_message_actionDisplays a button to send a message to the selected contact
can_view_messagesAllows viewing messages
can_view_messages_tabDisplays the messages tab in the application
can_view_outgoing_messagesAllows viewing outgoing messages when logged in as an administrator
can_view_reportsAllows viewing reports
can_view_reports_tabDisplays the reports tab in the application
can_view_tasksAllows viewing tasks
can_view_tasks_tabDisplays tasks tab in the application
can_view_uhc_statsAllows users to view UHC metrics
can_view_unallocated_data_recordsAllows viewing reports that have no associated contact
can_view_usersAllows viewing all user accounts
can_write_wealth_quintilesAllows updating contacts with wealth quintile information