...
Access management dimensions:
Authorities (CIConfiguration Items, roles and Authorities)
Location (CIConfiguration Items, User District, User Village)
External affiliation
HF user (CIConfiguration Items, CAClaim Administrator)
PolicyHolder User (CIConfiguration Items, PolicyHolder user)
How access is checked
...
add HF user specific authorities
create an HF user table (or make PHuser PH user more generic)
link to HF
link to user
Update the claim to take a user iso instead of a CA
CA table should become a view for compatibility
id = User ID
uuid = user UUID
code = user login
lastname = User Name
other_name = User other name
dob = user DOB (to be added if not existing)
email_id = user email
phone = user phone
HF = HF user HF
Add village specific authorities for Enrollment
drop the EO table and change the EO village to UserVillage (or merged to Policyholder table into an External user table ? )
create a EO view for compatibility
...
Question : Should we create a contact “contact” table to have CA without user ? (could be reused fro for practitioner) or have a user that cannot login
Action upon deletion of an user
all related accesss access CI must be “deleted“ too (flag deleted to True)
...
if the users are only related to that given external partner (have no relation to other external partner) then the user must be deactivated “deactivated”
Full admin
Every system need super admin to solve issues experienced by other user
...
add a “is_admin“ to interactive user
if “is_admin“ is true all “check permission“ must return True
only a super admin can define a user a super admin
block Technical user
Allow user to with is_admin = True to connect to django admin
nice to have: impersonisation of super admin as other user - all restriction of the selected user should be applied