Reporting Rights per Report
Description
Confluence content
mentioned on
- https://openlmis.atlassian.net/wiki/spaces/OP/pages/499744796/Backlog+Grooming+Sprint+120
- https://openlmis.atlassian.net/wiki/spaces/OP/pages/503873537/2019-02-01+Team+Lead+Meeting+Notes
- https://openlmis.atlassian.net/wiki/spaces/OP/pages/508067904/2019-02-15+Team+Lead+Meeting+Notes
- https://openlmis.atlassian.net/wiki/spaces/OP/pages/541294614/Backlog+Grooming+Sprint+127
Activity
Sebastian Brudziński February 14, 2019 at 2:15 PM
- We have started scoping and planning the work for this epic and realized that the reports coming from the reporting stack are still hardcoded into the OpenLMIS UI. Is there any ongoing/planned work to change that and LOE for 3.6? I don't think we would want to start working on that until this is done - this would mean building a temporary solution again.
Sebastian Brudziński February 11, 2019 at 3:33 PM
Makes sense, thanks!
Clay Crosby February 11, 2019 at 3:23 PM
this means that the queries themselves limit what is returned in the report. I.e. when I am the logged in user, the query returns data for my facilities and programs automatically
You don't need to build any of that in as a part of this ticket
Sebastian Brudziński February 11, 2019 at 3:11 PM
Can you explain what you mean with "Note that restrictions are applied to the data based on row-level filtering that occurs within the report queries". Does this mean we are not only limiting whether the user has/doesn't have access to the report, but also limit what the user sees in the report he has access to?
Clay Crosby February 1, 2019 at 7:59 AM(edited)
my understanding of this ticket is that it would be rights that grant/limit access to particular reports. I'm not familiar enough with the OLMIS security model to know whether you use grants, restrictions, or both.
We would need 1 right per report/dashboard: https://openlmis.atlassian.net/wiki/spaces/OP/pages/111346003/Dashboards
We also need to update the menu items to reflect this list
Note that restrictions are applied to the data based on row-level filtering that occurs within the report queries
Details
Details
Assignee
Reporter

Labels
Components
Priority
Epic Name
Time Assistant
Open Time Assistant
Time Assistant

As an administrator, I want to assign users with specific rights for each report instead of a universal right for all reports.
As a OpenLMIS user, I only see the reports which I have rights for so that I cannot go to a report which may not have any data populated given my supervision rights (or that is not useful for me to see).
This is a change from the current authentication structure since report rights are currently a universal right (either you see them or you do not).