Access management in openIMIS
Access management dimensions:
Authorities (CI, roles and Authorities)
Location (CI, User District)
External affiliation
HF user (CI, CA)
PolicyHolder User (CI, PolicyHolder user)
How access is checked
for Scheme user:
the user role must have the authorities required to the the action and the recipient of the action must belong to a location or service provider within the user districts
for External user
the user must have the External user authority in action to a register relation with the external partner attached the the recipient (ex. CA on HF for a claim )
Change to be done:
add HF user specific authorities
rename CA table to HFUser table (or merged to Policyholder table into an External user table ? )
Add village specific authorities for Enrollment
drop the EO table and change the EO village to UserVillage (or merged to Policyholder table into an External user table ? )
Action upon deletion of an user
all related accesss CI must be “deleted“ too (flag deleted to True)
Action upon deletion of an external partner
in all case the relation between the users and the external partner must de “deleted“ too
if the users are only related to that given external partner (have no relation to other external partner ) then the user must be deactivated