User roles & scopes
OpenCRVS supports the creation of multiple custom users with specific permissions (scopes) to control what they can and cannot do in the system. This feature allows countries to define user roles and their corresponding scopes based on their specific needs.
Key Features
Unlimited user role configuration: Administrators can create and configure any number of system user roles.
Custom role naming: Each user role can have a custom name (e.g., Healthcare Worker, Mayor, Registrar).
Scope-based permissions: The functionalities available to each user role can be controlled by assigning specific scopes
User Role Scopes
The following are the key scope categories available for configuration:
1. Declare
β’ record.declare-birth β Allows a user to declare a birth.
β’ record.declare-death β Allows a user to declare a death.
β’ record.declare-marriage β Allows a user to declare a marriage.
β’ record.declaration-submit-incomplete β Allows a user to send incomplete declarations to an assigned office.
β’ record.declaration-submit-for-review β Allows a user to send complete declarations for review.
β’ record.declaration-submit-for-approval β Allows a user to send a declaration for approval.
2. Validate
β’ record.declaration-submit-for-updates β Allows a user to send a declaration for updates (status: Requires Updates).
β’ record.declaration-archive β Allows a user to archive a declaration (status: Archived).
β’ record.declaration-reinstate β Allows a user to reinstate an archived declaration (reverting to the previous status).
β’ record.unassign-others β Allows a user to unassign another user currently assigned to the record.
3. Register
β’ record.register β Allows a user to register a record.
4. Certify
β’ record.registration-print&issue-certified-copies β Allows a user to print and issue a certified copy.
5. Correct
β’ record.registration-request-correction β Allows a user to request a correction to a record.
β’ record.registration-correct β Allows a user to correct a record and review correction requests.
6. Performance
β’ performance.read β Allows a user to view performance reports.
β’ performance.read-dashboards β Allows a user to view Metabase performance dashboards.
β’ performance.vital-statistics-export β Allows a user to export vital statistics to CSV.
7. Search
β’ search.birth β Allows a user to search for all birth records.
β’ search.death β Allows a user to search for all death records.
β’ search.marriage β Allows a user to search for all marriage records.
β’ search.birth:my-jurisdiction β Allows a user to search for birth records in their jurisdiction.
β’ search.death:my-jurisdiction β Allows a user to search for death records in their jurisdiction.
β’ search.marriage:my-jurisdiction β Allows a user to search for marriage records in their jurisdiction.
8. Config
β’ config.update:all β Allows a user to update configuration settings.
9. Organisation
β’ organisation.read-locations:all β Allows a user to view all locations in the organisation.
β’ organisation.read-locations:my-jurisdiction β Allows a user to view only locations in their jurisdiction.
β’ organisation.read-locations:my-office β Allows a user to only view their officeβs information.
10. User Management
β’ user.create:all β Allows a user to create a user in any location.
β’ user.create:my-jurisdiction β Allows a user to create a user only in their jurisdiction.
β’ user.update:all β Allows a user to update user details in any location.
β’ user.update:my-jurisdiction β Allows a user to update user details only in their jurisdiction.
β’ user.read:all β Allows a user to view any userβs audit page.
β’ user.read:my-jurisdiction β Allows a user to view audit pages only in their jurisdiction.
β’ user.read:my-office β Allows a user to view user audit pages in their office.
β’ user.read:only-my-audit β Allows a user to view only their own audit page.
Last updated