Access management in openIMIS
Access management dimensions:
Authorities (CI, roles and Authorities)
Location (CI, User District)
External affiliation
HF user (CI, CA)
PolicyHolder User (CI, PolicyHolder user)
How access is checked
for Scheme user:
the user role must have the authorities required to perform the action, and the recipient of the action must belong to a location or service provider within the user districts
for External user:
the user must have the External user authority in addition to a registered relation with the external partner attached to the recipient (e.g. CA on HF for a claim)
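The two checks described above, written as a single deny-by-default function. This is an added example, not openIMIS code: the class names, the authority strings and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical names throughout; none of this is an openIMIS model or API.
EXTERNAL_USER = "external_user"  # stand-in for the "External user" authority


@dataclass(frozen=True)
class Recipient:
    """Target of the action, e.g. a claim."""
    district: str                  # district of its location or service provider
    partner: Optional[str] = None  # external partner attached to it, e.g. an HF


@dataclass
class User:
    login: str
    authorities: set = field(default_factory=set)  # granted through roles
    districts: set = field(default_factory=set)    # scheme user: user districts
    partners: set = field(default_factory=set)     # external user: registered relations
    is_external: bool = False


def check_access(user: User, required: str, recipient: Recipient) -> bool:
    """Deny unless every condition for the user's type holds."""
    if user.is_external:
        # External user: External user authority AND a registered relation
        # with the external partner attached to the recipient.
        return (EXTERNAL_USER in user.authorities
                and recipient.partner is not None
                and recipient.partner in user.partners)
    # Scheme user: authority for the action AND recipient within user districts.
    return required in user.authorities and recipient.district in user.districts


# Constructed sample data: one claim, one scheme user, one claim administrator.
claim = Recipient(district="D1", partner="HF01")
officer = User("officer", authorities={"claim.review"}, districts={"D1"})
ca = User("ca", authorities={EXTERNAL_USER}, partners={"HF01"}, is_external=True)

if __name__ == "__main__":
    print(check_access(officer, "claim.review", claim))  # scheme user in district
    print(check_access(ca, "claim.review", claim))       # CA related to the HF
```

A scheme user with the right authority but outside the recipient's district is refused, and so is an external user whose relation is to a different partner.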
Changes to be made:
add HF user specific authorities
create an HF user table (or make PHuser more generic)
link to HF
link to user
Update the claim to take a user instead of a CA
CA table should become a view for compatibility
id = User ID
uuid = user UUID
code = user login
lastname = User Name
other_name = User other name
dob = user DOB (to be added if not existing)
email_id = user email
phone = user phone
HF = HF user HF
Add village specific authorities for Enrollment
drop the EO table and change the EO village to UserVillage (or merge it with the PolicyHolder table into an External user table?)
create an EO view for compatibility
Question: Should we create a contact table to have CA without user? (could be reused for practitioner)
Action upon deletion of a user
all related access CI must be “deleted” too (flag deleted set to True)
Action upon deletion of an external partner
in all cases the relation between the users and the external partner must be “deleted” too
if the users are only related to that given external partner (have no relation to any other external partner) then the users must be deactivated
Full admin
Every system needs a super admin to solve issues experienced by other users
change required:
add an “is_admin” flag to interactive user
if “is_admin” is true, all “check permission” calls must return True
block Technical user
Allow users with is_admin = True to connect to Django admin