Composite role management

Owned by Patrick Delcroix
Last updated: Oct 14, 2024
1 min read

 

Location Management Rework

The current openIMIS location management system has limitations that need to be addressed to improve flexibility and scalability. This proposal aims to enhance the system by introducing a more versatile location-based authorization model and a hybrid authority system for composite rights.

Current Situation

  • Four-level location hierarchy: Region, District, Ward, Village

  • User-district association (UserDistrict) for access control

  • Enrollment officers limited to specific villages

  • Claim administrators linked to health facilities with district-level access

  • PolicyHolderUser table for associating users with PolicyHolders

Proposed Solution

Enhanced Location-Based Authorization

  1. Rename UserDistrict to UserLocation

  2. Expand UserLocation to support all location types (Village, Ward, District, Region)

  3. Implement cascading access rights based on location hierarchy

Hybrid Authority System

  1. Rename PolicyHolderUser to UserHybridRightsDetails

  2. Extend UserCompositeRightsDetails with:

    • Generic foreign key (for locations, PolicyHolders, etc.)

    • User foreign key

    • CompositeType field (string)

Benefits

  • Increased flexibility: Users can be assigned to any location level

  • Improved granularity: Fine-grained access control across all location types

  • Simplified management: Unified location-based authorization system

  • Scalability: Easily adaptable to future location hierarchy changes

  • Versatile composite rights: Support for various entity associations beyond PolicyHolders

Implementation Considerations

  1. Database migration: Create new tables and migrate existing data

  2. API updates: Modify endpoints to support new location and authority structures

  3. Frontend adjustments: Update user interfaces for location assignment and rights management

  4. Performance optimization: Ensure efficient querying of hierarchical location data

  5. Backward compatibility: Maintain support for existing integrations during transition

Next Steps

  1. Detailed technical specification

  2. Impact assessment on existing modules and workflows

  3. Prototype development and testing

  4. Community feedback and refinement

  5. Phased implementation plan

By implementing these changes, openIMIS will have a more robust and flexible location management system, better equipped to handle diverse organizational structures and access control requirements.

 

 

 

Did you encounter a problem or do you have a suggestion?

Please contact our Service Desk


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/