Chapter 15. Users and user roles

Table of Contents

15.1. About user management
15.1.1. About users
15.1.2. About user roles
15.1.3. About user groups
15.2. Workflow
15.3. Example: user management in a health system

15.1. About user management

Multiple users can access DHIS2 simultaneously and each user can have different authorities. You can fine-tune these authorities so that certain users can only enter data, while others can only generate reports.

  • You can create as many users, user roles and user groups as you need.

  • You can assign specific authorities to each user.

  • You can create multiple user roles each with their own authorities.

  • You can assign user roles to users to grant the users the corresponding authorities.

  • You can assign each user to organisation units. Then the user can enter data for the assigned organisation units.

Table 15.1. User management terms and definitions

Term

Definition

Example

Authority

A permission to perform one or several specific tasks

Create a new data element

Update an organisation unit

View a report

User

A person's DHIS2 user account

admin

traore

guest

User role

A group of authorities

Data entry clerk

System administrator

Antenatal care program access

User group

A group of users

Kenya staff

Feedback message recipients

HIV program coordinators


You manager users, user roles and user groups in the Users app.

Table 15.2. Objects in the Users app

Object type

Available functions

User

Create, edit, clone, disable, assign search organisation units, display by organisation unit, delete and show details

User role

Create, edit, share, delete and show details

User group

Create, edit, join, leave, share, delete and show details


15.1.1. About users

Each user in DHIS2 must have a user account which is identified by a user name. You should register a first and last name for each user as well as contact information, for example an email address and a phone number.

It is important that you register the correct contact information. DHIS2 uses this information to contact users directly, for example sending emails to notify users about important events. You can also use the contact information to share for example dashboards and pivot tables.

A user in DHIS2 is associated with an organisation unit. You should assign the organisation unit where the user works.

Example 15.1. 

When you create a user account for a district record officer, you should assign the district where he/she works as the organisation unit.


The assigned organisation unit affects how the user can use DHIS2:

  • In the Data Entry app, a user can only enter data for the organisation unit she is associated with and the organisation units below that in the hierarchy. For instance, a district records officer will be able to register data for her district and the facilities below that district only.

  • In the Users app, a user can only create new users for the organisation unit she is associated with in addition to the organisation units below that in the hierarchy.

  • In the Reports app, a user can only view reports for her organisation unit and those below. (This is something we consider to open up to allow for comparison reports.)

An important part of user management is to control which users are allowed to create new users with which authorities. In DHIS2, you can control which users are allowed to perform this task. The key principle is that a user can only grant authorities and access to data sets that the user itself has access to. The number of users at national, province and district level are often relatively few and can be created and managed by the system administrators. If a large proportion of the facilities are entering data directly into the system, the number of users might become unwieldy. It is recommended to delegate and decentralize this task to the district officers, it will make the process more efficient and support the facility users better.

15.1.2. About user roles

A user role in DHIS2 is a group of authorities. An authority means the permission to perform one or more specific tasks.

Example 15.2. 

A user role can contain authorities to create a new data element, update an organisation unit or view a report.


A user can have multiple user roles. If so, the user's authorities will be the sum of all authorities and data sets in the user roles. This means that you can mix and match user roles for special purposes instead of only creating new ones.

A user role is associated with a collection of data sets. This affects the Data Entry app: a user can only enter data for the data sets registered for his/her user role. This can be useful when, for example, you want to allow officers from health programs to enter data only for their relevant data entry forms.

Recommendations:

  • Create one user role for each position within the organisation.

  • Create the user roles in parallel with defining which user is doing which tasks in the system.

  • Only give the user roles the exact authorities they need to perform their job, not more. Only those who are supposed to perform a task should have the authorities to perform it.

15.1.3. About user groups

A user group is a group of users. You use user groups when you set up sharing of objects or notifications, for example push reports or program notifications.

See also:

Sharing

Manage program notifications

Mange push reports