21.3 Manage users

21.3.1 Create a user

  1. Open the Users app and click on the + in the Users card.

  2. Select whether you want to fill in all the personal user information, or invite the user by email to complete the rest of the user information:
  • Create account with user details Choose this option if you would like to enter all the login details of the new user such as username, password, etc. Under these conditions, the fields username, password, surname, first name, and roles are mandatory.

    After you’ve created the user, the account is ready for the user to use with the user name and password that you provide.

  • Email invitation to create account Choose this option if you want to send an invitation by email to the user. Then she/he must return to DHIS2 and finish setting up their user account. The account that the user finishes setting up will be limited according to how you configure the account.

    In order to use this feature “Enable email message notifications” in SystemSettings -> Messaging should be checked.

    Enter the email address to which the invitation should be sent. If you want to, you may also enter the user name that the account will have. If you leave the user name empty, then the user may choose their own user name when they respond to the invitation (as long as it is not taken already for another user.)

    After you’ve created the user, the system sends an email to the address you provided. It contains a unique web link by which the user can return to the system and activate their account by entering the rest of their user information. The user must finish setting up the account within 4 days, after that the invitation becomes invalid.
  1. (Optional) Provide values for the fields OpenID, LDAP identifier, Mobile phone number, WhatsApp, Facebook messenger, Skype, Telegram and Twitter .

  2. Select an Interface language .
    You can select a language into which fixed elements of the DHIS2 user interface have been translated.

  3. Select a Database language .
    You can select a language into which implementation-supplied items have been translated in the database, for example data element names or organisation unit level names.

  4. In the Available roles section, double-click the user roles you want to assign to the user.

  5. Select Data capture and maintenance organisation units .

    The data capture and maintenance organisation units control for which organisation units the user can do data entry. You must assign at least one data capture and maintenance organisation unit to each user.

    Users will have access to all sub-organisation units of the assigned organisation units. For example, if you’ve assigned a user to a district which has several facilities contained in the district, the user would have access to the district’s data, as well as all of the facilities contained within the district.

  6. (Optional) Select Data output and analysis organisation units .

    The data output and analysis organisation units controls for which organisation units the user can view aggregated data in the analytics apps, for example the Pivot Table and GIS apps. You can assign any number of data output and analysis organisation units to a user.

    Users will have access to all sub-organisation units of the assigned organisation units. You shouldn’t select the descendants of an organisation unit which you have already selected. For example, if you’ve assigned the user to a district, you shouldn’t select the facilities within that district.

Note

Assigning data output and analysis organisation units organisation units is optional. If you don’t specify any organisation unit, the user will have access to the full organisation unit hierarchy for viewing aggregated data. As with the data capture organisation units, you should not select descendant organisation units of a unit which you have already selected .

In several places in the analytics apps, you can select “user organisation unit” for the organisation unit dimension. This mechanism will first attempt to use the data view organisation units linked to the current user. If not found, it will use the data capture and maintenance organisation units. If the user has been assigned to multiple organisation units, the use of “user organisation unit” may result in unpredictable behaviour.

  1. Click Show more options and an additional three fields will show. (Optional)

  2. In the Search organisation units select the organisation units you want the user to be able to search in.

  3. (Optional) In the Available user groups section, double-click the user groups you want to assign to the user.

  4. (Optional) In the Available dimension restrictions for data analytics section, double-click the dimensions you want to assign to the user.

    You can restrict the values the user sees in data analytics apps by selecting dimensions that will restrict the user’s view.

Example

Let’s say you have defined Implementing Partner as a category option group set, and you have shared with this user only one or more specific implementing partners (category option groups). If you want to make sure that the user does not see totals in analytics that include values from other groups, assign Implementing Partner to the user.

This insures that any data visible to the user through the analytics apps will be filtered to select only the Implementing Partner category option group(s) which are visible to the user.

  1. Click Save .

21.3.2 Edit user objects

  1. Open the Users app and find the type of user object you want to edit.

  2. In the object list, directly click the relevant object, or click the menu icon and select Edit .

  3. Modify the options you want.

  4. Click Save .

21.3.3 Disable users

You can disable a user. This means that the user’s account is not deleted, but the user can’t log in or use DHIS2.

  1. Open the Users app and click User .

  2. In the list, click the menu icon of relevant user record and select Disable .

  3. Click OK to confirm.

21.3.4 Display a user’s profile

  1. Open the Users app and click User .

  2. In the list, click the menu icon of the relevant user and select Profile .

21.3.5 Filter users by organisation unit

You can view all users that have been assigned to a particular organisation unit.

  1. Open the Users app and click Users .

  2. Above the user list, click on the Organisation Unit filter input.

  3. A pop-up will appear in which you can select the organisation units you would like to filter by.

The list of users will be filtered to only include users which have been assigned to the selected organisation units.

21.3.6 Clone users

  1. Open the Users app and click User .

  2. In the object list, click the menu icon of the relevant user and select Replicate .

  3. Enter a new user name and password for the cloned user account.

  4. Click Replicate .

  5. In the object list, click the user you just created and click Edit .

  6. Modify the options you want.

  7. Click Save .

21.3.7 Change user password

The following rules apply when you create a new password:

  • Password must contain at least one special character, that is any character other then alphabets and digit numbers.

  • Password must contain at least one upper case character.

  • Password must contain at least one digit number.

  • Password can not contain user’s user name or email address.

  • Password can not contain generic words for example system , admin , user , login , manager etc.

  • Password can not be one of the previous 24 passwords the user has used.

    This doesn’t apply in case a super user resets the password for another user.

  • Password must contain more than minimum number of characters.

    Note

    You can configure the minimum number of characters: Open the System Settings app and click Access > Minimum characters in password .

  • Password can not contain more than 40 characters

To change a user’s password:

  1. Open the Users app and click User .

  2. In the object list, click the menu icon of the relevant user and select Edit .

  3. Enter a new password and retype it.

  4. Click Save .

21.3.8 Delete user objects

  1. Open the Users app and find the type of user object you want to delete.

  2. In the object list, click the menu icon of the relevant object and select Remove .

  3. Click OK to confirm.

21.3.9 Display details of user objects

  1. Open the Users app and find the type of user object you want to view.

  2. In the object list, click the menu icon of the relevant object and select Show details .

21.3.10 Disable a user’s Two Factor Authentication

If a user has enabled Two Factor Authentication and then loses access to his/her authentication device (e.g. smartphone gets lost or broken), this user will not be able to log into the system any more. To solve this issue, a user manager can disable Two Factor Authentication for the affected user, so that the user is able to access the system again using just a password.

  1. Open the Users app and click Users .

  2. In the object list, click the menu icon of the relevant user and select Disable Two Factor Authentication .

  3. Click OK to confirm

Note

The option to disable Two Factor Authentication will only be available for users that have set up Two Factor Authentication via the user-profile-app.