 Right. So I'm in the customization instance you all have access to and what I'm going to do is I will first click on the app's icon and then we'll go all the way down and select and click on this app all users, right? So once I click on users, you will see that we have three options here to select users, user roles or user groups. So in this part of today's session, I'm going to discuss about user roles. So I click on this tab called user role. So when I do that, I'm seeing that we already have different user roles that have been configured. Right. So, I mean, like in a live system because it's a kind of a demo system, we are only seeing, I mean, three user roles, we are seeing private tracker Academy, we are seeing super user and tracker data. But in a live system, it is quite likely that you are going to see many more user roles and probably like after doing today's session you will be able to figure out what are the different types of user roles that you can create. So let me kind of open this tracker data entry user role. So what I'm going to do is to click on this tracker data entry and it opens this user role. So here you will see that we have a name here. So this is the name of the user role and we have a description. Below that we have all the authorities that I mentioned in the presentation. So here you can see we have a huge list of authorities, right, a comprehensive list of authorities. So these authorities we can actually divide into five main sections, right. So you can see these individual, I mean, the boxes here are the sections that we can categorize them into. So the sections are we have metadata, we have apps related authorities, we have tracker related authorities, import, export, and authorities related to system, right. So let us, I mean, briefly discuss like what each of these sections are doing. So when it comes to metadata, the metadata section allows you to assign different permissions to a user role that allows for adding or deleting either public or private metadata objects, right. So you can see, we have different permissions, a list of permissions here and when we take on each of these boxes, we can provide public or private metadata permissions, right. For example, you could provide someone access to create and delete public data data element. So if you provide them access here just by ticking right like this, you can provide access to delete. Right. And also, you also have for example, something called external access, but this external access is only available to objects, which are, which are of report type so you can see here the documents event chart event report. And here maps. So these kind of event related objects you have you also have another type of permission for external access. So basically you can see here under this metadata section it's all about different types of metadata and providing them public and private permissions delete as well as external access. Right. And the next section we have is about apps. The app section allows you to give access to various DHS to apps that are within your instance. This includes all the core DHS to apps as well as any custom maps, you may have on your system. So for example, here you are seeing most of the core DHS to apps. So I'm seeing in this instance of course we only have the core DHS to apps but in case like sometimes you may install few custom apps like contact tracing relationships tracing application or scorecard. WHODQ apps so these are custom maps so when they are installed they will also be listed in this app section. And next we have the tracker section, which is of course the I mean the major main focus of this academy. So here we have authorities that have their own specific. So here with the tracker has their own specific section, mainly because it is unique to the tracker data model. So you may be wondering like why some of them are not probably like incorporated somewhere else under metadata later I will show like in the systems, but this has been done because they have their own unique data modeling tracker. So these concepts are much suited to be, I mean categorized under a separate section. So those are the, I mean what you see here are the authorities which are categorized under the tracker section. So here we have the next one which is import export. So here, these authorities are usually given to user roles that will be dealing with the import and export of metadata, or even data. So this is usually a kind of a specialized role and probably you will only grant these permissions to, I mean very limited number of users who are actually dealing with import and export. So here we have the systems section. So here you have authorities to allow the user to run various system level tasks and operations. So these kind of include operations like, as you can see data approval, you will workflow, generating min max value, right, moving organization units, replicating users, I mean tasks like that. So these are again some specialized tasks you are mainly assigning to users who kind of have a very higher level permission, probably system, system admins or high level implementers at national level, right. So as you can see here, we have a huge list of authorities so we don't have time to go through all of them. The thing is like most of these authorities are kind of self-explanatory but I understand that some of them may not really be that clear. So what you can do is, I will let me share the section of the documentation dealing with user roles. So you can refer that but I understand it again is not that comprehensive. If that is the case, so I'm pasting the link to the documentation here. So that's one option. Or else like if you're unclear about anything, I mean because these permissions, the authorities, I mean they can also get changed in time to come. So if you're unclear at any time, even after going through the documentation, the best would be to ask this issue in the community of practice. Okay, so let us try to know that we have opened this tracker data in free user role. Let's try to see, I mean what are the particular roles of the authorities that have been assigned to this particular user role. So that I mean as you can see here, most of these authorities, especially in like for example the metadata and systems, they have not been checked. So we have option here, selected authorities only so if we just select this one. It will only filter the permission, the authorities which have been assigned to this particular user role. So here, for example, this particular user role has been assigned to main sections of authority. So we have one section of authorities related to apps, and the other one related to tracker. So why have you done that, why is this particular user role has not been provided with any authorities related to metadata. I mean, probably you can understand like this is a kind of a data entry specific user role. So we don't really expect this person to create or add or delete any metadata in the system. So metadata is kind of like tracker attribute data elements, option sets, so we don't want these, the users with this role to do any of that, any of those activities, right. And then we have this app section. So what this means as I mentioned in the presentation is that here this user will need to have access to some apps, right for him to kind of carry out day to day activities, right. So the first thing is he needs to have access to the dashboard because the thing is like the dashboard is the first step that any person will land when you log into the system. So that's why we need the dashboard app. And you also need the browser cache green app because mainly because you know like we tend to do some modifications to metadata. And then this can kind of interfere with updating whatever the which I mean the present view of the tracker capture application so to do that. So we always, I mean, when we do when we do training programs for tracker or I mean any DHS to training program for end users we always. I mean, tell them about this browser cache green app and how to clear the browser cache. So for that purpose we need to have access to the browser cache green app and trigger capture of course is required because that's the main app. So he's going to perform all I mean almost all his tasks. Right, and then we have some tracker related permissions, right which we have assigned so we will discuss about them in a bit more detail in a while. And of course we are not going to assign any import export related authorities because he's just a data entry role so he's not going to do anything related to import export, and also same applies to the system level. Right. Okay, and one important thing to note is that so when you are when we are defining creating user roles, we should always remember to create user roles to cover a specific function. So for example, here, we are trying to cover the function of a tracker data entry. One mistake that we see in most of the DHS to customizations is that like, I mean like we tend to create user roles based on the specific job type so for example we tend to create user roles for data entry class reproductive health staff or else like we we tend to create user roles based on a geographical like for national staff, provincial stuff. But like that's not a kind of a scalable or recommended practice because like what we recommend is you should try to create a user role for a specific function. When you do that, you can always combine user roles. So for like if you have a kind of a user who is at a national level and kind of attend to multiple functions then what we can do is for that user we can assign multiple user roles, right, and together with the user groups will be able to achieve what we want. So this is the kind of recommendation of creating user roles in a DHS to setup. Okay, right. So let's now see what are the different permissions like we have already discussed about the apps that have been assigned to this user. And then let's see like what are the different tracker related permissions that are there. Okay, so let me briefly uncheck this so that I can see all the track related permissions. The first one we have is administer program dashboard configuration. So here this defines like if you can remember like when you kind of when you open the tracker capture application. For example you have different types of widgets right so sometimes like let me select. I'm just going to select one track instance just to show what I want to highlight so here you can see like we have we just related to indicators. Right and then we also have relationships nodes. So sometimes these widgets like we don't really want another implementation right. So if that's the case we can hide them and we can kind of like we want to kind of configure the particular dashboard in a way that we should I mean we expect the program people to see right. So these kind of activities you can determine and we can kind of like configure through a particular authority so that's the kind of authority that you have here. Administer program dashboard configuration. But then even though this is related to tracker we have to understand like who are the users to which we are going to assign this authority so we are not going to give this authority to each and every I mean every tracker data because then they might keep on changing it so I mean like your program I mean the visualization of tracker capture is going to get disorganized right so yeah that's what this particular authority does and then we have one for delete enrollment and associated events. So okay, another thing that you have to keep in mind is that in DHS to whenever any any user who has permissions to create an event has the permission by default to delete the right. So, if that is the case like then what does this particular permission or the authority defines. So it allows cascade deleting of an enrollment in a program, as well as all of its related events right so if we give this permission, you can delete enrollments, along with events so you don't have to actually I mean if you don't have this permission but you have to do is you have to delete events one by one, and then finally delete the enrollments right so but if you give this authority, he can delete the enrollment along with all the events right then we have the next one which is somewhat similar elite track entity instance and associated enrollments and events. So if they have this permission it kind of allows cascade delete offer track entity instance all of its enrollments in the in the programs as well as related events right. So it's again kind of like a higher level function. Then we have this manage program rule authority so this is kind of something to do with the the the metadata program program rule metadata. So it, it gives that particular user, the authority to manage the program rules right. And then we have search track entity instances across all org units. So this allows the user to search for track entity instances across all organization unit, regardless of the search organization units that they are assigned. Okay. Right. And then we have uncomplete events. So it allows the user to incomplete the previously completed event. And we have tracked update tracked entities, which allows the user to update an existing track entity. And finally, we've been even analytics. It's a, it's a it's a functionality, which allows user to be an analytics analytics data related to any events. So this particular the final role, final authority is kind of important. Whenever you don't want, like, some user roles to see tracker analytics data, because sometimes you have requirements where like you want only aggregate data to be by some users. So tracker analytics, you want to kind of, I mean, not let them have any access right so it is kind of useful to have this kind of authority when you want to achieve that function. Right. Okay, so I guess that's the kind of a brief overview of different authorities which are there but I don't think I can go through each and every authority that is listed here. So I really suggest you to refer the documentation but again like I understand like some of these concepts that are here may not be that self explanatory so if that's the case you can always ask in the slack or later on probably in the community of practice. Okay. Right. So, let's try to log in with the user. So what we can actually do is we have this user role which is the user called we have this tracker entry user. Right. So, when I open this tracker entry user and go all the way here, we will see that particular user has been assigned the tracker data entry user role. So, let me first show you how these user roles work and how these permissions are assigned. Right. And then probably what we are going to do is to create a user, and you will again do. I mean, go through the learner's guide and do the exercise of creating a user role as well as assigning it to a user. Okay, right. So here, this particular user, the tracker data entry user, who is already configured in the system is having the user role tracker data right. So if I go back and see the particular permissions in the tracker data entry user role, you will see this particular user has access to delete enrollment and associated events, delete track entity instance and associated events. And he can search all across the organization unit, uncomplete events and update track entities. Right. So let's see how these permissions are working when we log in using that. So what I'm going to do is I will share my screen again. Right. So I'm in the same customization instance. And I'm going to log in using this user tracker entry. So we're signing in. And then let me see like, I mean, like what are the different permissions this tracker user tracker entry user has as defined by his user role. So when I click on this apps icon, you will see that this particular user is only having access to these four apps. So by default, this menu management application will be available to all user user roles. So here you can see the tracker capture dashboard and the browser cash clean app are the are the only apps which are visible to this particular user. He's not having access to the common apps like the data entry or even any analytics apps like data visualize right. So this is how this happens is because like these are the only apps we have configured when we were configuring the user role. Okay, right. So let's try to open tracker capture application by clicking on it. Right. And you can see that this user is having access to the bird district. Right. And in this bird district, let me see. Okay, we have different, I mean, the organization units under the bird district. So I can see like, there are data to, I mean, under each of different, different organization units. So let me select say, for example, cardinal hospital gateway. Okay, or else probably we can actually take the TV program. So that you're like here. Okay, yeah, this is better. So I have clicked on the parent district hospital and the TV treatment card program right. Okay. So what I will do is I will just click and open one of these track entity instances which have been registered. Okay, I've done that. So you can see that we have different, I mean three different events, right, we have one on diagnosis one on continuation phase one, and then we again have one on continuation to right so let me click on this continuation. One event and when I scroll all the way down, you can see that this event is already completed. That's why we are seeing this as incomplete. This button has changed the label of the button has changed to incomplete because the event is already complete. So let me click on this incomplete button. If you can remember, when we were configuring this tracker data entry user role, we gave this use the permission to uncomplete event. Right. So, let me click on this incomplete button. Right. And it will ask, are you sure you want to edit the selected event. And then when I click, okay. Right. Yeah, it worked. That's why the label change to complete. But like, in case if this permission was this authority was not assigned, it wouldn't allow this user to perform this activity. Right. So he can do it mainly because this permission has been granted. Similarly, you may be able to remember that we gave that person access. To update attract entity instance. So what we mean by update is that so we we love them to kind of click on this edit button and change the attributes. So what we can actually do is like say for example, we can change the age so it was a mistake we can make it 31 right and we make it 31 and click on save. So it's getting saved. Right. As you can see here it has been updated as 31 that is because we have enable the authority to perform this updating of track instance. Right. Then we can also see something else that that has been assigned. So for example, let's try to see whether we can delete. So we have different. I mean like so one thing is here we have option to delete the person right and we have option here to kind of delete the enrollment right I think this particular user role had bought the permissions. So let us try one of them. So one option is to like try to delete this enrollment. So when I try to do that, it will it will prompt us saying, are you sure you want to delete the selected enrollment, this will delete all events associated with this So as you can see here for this enrollment. So this person has get enrolled to be treatment card and in that one we have three events. Right. So ideally we can delete each of these events one by one and finally delete the particular enrollment right that's the usual way of kind of deleting if this person is not having the authority to delete the enrollment along with the authority. But if he's having this authority, he will be allowed to delete right so the button is visible. So let me try to click here and yes. Right. So you can see like the enrollment has now got deleted. Okay, that was possible. Because we have assigned this authority to that particular user. So it was a kind of a lengthy session I did. I mean I did the presentation overview and then the initial part of the demonstration of user roles. So let me briefly stop here. And let us try to do the exercise one in the learners guide so you can use the same customization instance. So all the instructions are there. So I will give you about 10 minutes to do this task and wheels will meet again in 10 minutes. Right. So what we are going to do next is to create a user and assign the existing user role. Okay, so let me click on the app cycle and then select users. Then I proceed to users here and I click on the list and you will see the existing list of users. And I'm actually going to create a new user. So to do that I have to click on this last button. Right. And when I do that, I get two options. The first one is to create account with user details and the second is to email invitation to create account. So you can select whichever the options but like, like you have advantages and disadvantages of each of these options. So the first thing is like if you use the create account with user details what you have to do is, you have to fill out all the required or mandatory fields here like username password, you will have to generate and type a password and then you will have to type a password and put surname, first name, I mean all the mandatory fields and then assign a user role to that user and assign the tracker, assign the data capture and maintenance of unit as well as data output and analytic of unit and you can save. Right. So that's the first approach, but the disadvantage. I mean there are a few of them. The first thing is like you will have to manually generate the passwords. So it's a kind of a cumbersome procedure. And then you will also have to share these passwords with the with the with the selected user. And it's quite likely due to security concerns once this password is shared with the user when in the first login attempt he will change the password. So that way like I mean all this effort to create passwords and security sharing and I mean anyway that person is going to change the password is a bit of a cumbersome procedure and I mean like it might not really make that much of a sense. I mean but the thing is, it is kind of a very simpler way of creating users but a more sophisticated way of creating users would be to email invitation to create an account. So here what happens is we have to provide the mandatory details and we will also include the email address of the user. But then thereafter the user can, I mean, so basically once you create all once you input all this mandatory fields and click on the final step send invite. The user will receive an invitation by email and he will get a link via email which he can click and which will redirect him to our DHS to instance, and he can proceed with the remaining part of the registration as well as inputting his own password of his preference right so it's a kind of a secure animal. So that way of creating users. So let's try that method of creating users now. So I will give a user name here. So, let's put this this tracker. And then I will have to use users email so I will use this email address DHS to dot test one at right, and I will put. Check this disabled. This user and I will keep I will not going to, I'm not going to input any of these fields and I will keep the interface language as English. And, and here, I will have to select a role. Okay, so I am going to select this role that we have already been I mean going through, which is tracker data right so I double click that so that is selected as a role. And you can always see like we can add more than one user roles to a given user for this user. I'm not going to assign super super user role. We just assign a tracker data entry. So after doing that, we have to define the data capture and maintenance organization unit so as the name implies by assigning this so you need. The user will be able to capture data at this given open it or any open it below that, as well as he will have access if he's given the permission by the authority access to maintenance or maintenance application. Right, so I'm going to give this user the access at bird district. Okay, and here also I'm going to give him access for data output and analysis at the bird district right. Then, if I click on show more options, you have few more options like search organization unit I'm going to give access for training ran, and I'm not going to do anything for the user groups as of now because we will be discussing about it later. Right. Okay, so after doing all after configuring all these. I'm going to click on send invite button. And it says that user test users saved successfully and the invitation should have been sent right so let me log into the email account and see whether I have received the email. Right, there you go so I get this email. Right, and I'm, I will click an open and it says, this is an invitation to create customized user, a user account and I have the link. Yeah, right. So what I have to do is I have to click on this link, which I received through email so I'm going to do that. And once I do that. Right. I'm directed to this account. This this particular page where I have to give my first and last names. And the username of course I can't change because it has been already configured in the system. And here I can actually give a password. Here, I have to type it again. Right. Mobile phone also I have to enter so I will put something like this. Put the organization as Ministry of Health. Right. I will do that and I click on create. So, yes, now I'm actually, I have been able to create this new user. And if you check here, you will see that I'm actually logged in with that newly created user. So this user, let's see like what what applications he has access so as you can as as you imagine is only having access to the applications tracker capture dashboard and browser cash cleaner, because these are the apps which are available, as defined, based on the authorities available to the capture user. So, what I'm going to do is like I will give you some time to do this, do this part of the exercise so please do the exercise number two in the learner's guide. So what we will also do is like, because we have a few lengthy sessions, you can take 20 minutes break, and we'll see you in 20 minutes so by the time you can also complete the exercise to let me share my screen. So I'm going to click on the users app. And then I will try to list all the users who are here so I can see like some of the new users. Now, probably the user roles that you have created already. So what I'm going to do is to click on this plus button and create a new user role. And this new user role is for the purpose of tracker data analysis, right. So we create a new user role for tracker data analysis. Right, so this user role is right. So next thing we have to figure out is like we have these five sections of different types of authorities and what are the authorities that we need to add for each of these user for this user role. Okay, so what we need to understand is that when we create a user or user role, in order to analyze data, he needs to have access for event and tracker data outputs, possibly via data visualizer maps event reports event visualizer and dashboards, and also he should be allowed to create public items from within these applications, right. So all these in the background, if we just think again, what are the types of roles we should run. So, number one, they should be able to access the various analysis applications, right, and secondly they should be able to see the event data. And thirdly, they should be able to add public reports from the analysis application right so we have these three requirements. And to achieve them we have to decide what are the authorities we are going to add. Okay, so let's focus on the first one which is like about the apps, the different apps that we have to assign to this user role. So we know like they need to have access to the dashboard application. And then we need to give them access to the data visualizer, right, and then probably they need access again to the event reports, as well as event visualizer. Finally, the maps application right so these are the applications that we that that is that that we require to give them permissions. And then, let's look at the different metadata that they need permission so for example they need to have access to create dashboard. For example, I, okay, so for this purpose I have added at update public dashboard permission, and they should be provided access to create event chart event reports. Let me take here event charts and event reports, and then they also need permission to create maps. And finally, possibly create visualizations right. So these are the metadata access we need to provide to a user role for our tracker data analysis. Right, and then let us move further down and we need to gain one crucial thing is to provide them tracker analytics access so here we have a permission called we've and we've event analytics. We need to also provide them that access. So these are the minimal authorities that we need to provide for this particular user role the new user role. And once we are done, we don't we don't actually need to provide any access related to import export or system related access. And we finally click on the save button. So now we have this new user or a new user role tracker data analysis, right. So what we are going to do next is to add this new user role to an existing user. So the existing user we had, we had one user for data entry tracker entry this one right tracker entry user. So this was a user, let me open that user and see what other user roles already assigned. Okay, we have tracker data entry user role I assume someone must have already renamed the permission I have the user role I have added previously. So right. So let me now find the new user role I have created which is tracker data analysis right. So now we see the user role that we initially created tracker entry. He already had access. The previous user role was to enter data so we had that tracker data entry access. Now we have added tracker data analysis user role. Okay. So what we are going to do is we are not going to change anything else. And we will save it. Right. So we need to log in. Let's try to log out from this user and try to log in. Right. So now I'm logged in with the with the new user. I mean the same user we have tried before, who previously had only data entry access. Let me click on the upside can to see any new changes. Yes, we are seeing some changes previously that this user only had access to the dashboard tracker capture browser cache clean and menu management. Now he has access to this new apps event report event reports event visualizer data visualizer and maps, as we have configured in the new user role. Now he has kind of access to applications which are coming from both the user roles that's the most important thing to understand here. Right. So let us try to open one of these applications to be the tracker analysis data. So let me click on this event reports app. Right. Okay. Let me try to create visualization so probably I can get a table output using this event reports app. So what I'm trying to do is I'm going to generate a line list of all events. There are so many programs let me select the TV treatment card and let me just select this diagnosis and initial phase. Now I will just try to narrow down the metadata items available only for the program attributes and let me create the first name last name and age and gender and the registration right. Let me also see the org unit so let me try to select that bird district and try to miss down all the events which are available. I'm going to click on the update button here. Unfortunately, I don't have any data for this so units. I hope analytics must have been run. I run the analytics. Let me select another program. Let me try ANC possibly. ANC register whether there's any data or maybe the period I'm not sure the period I selected before. So let me try to see. Try to get both the years and the bird district. All right, there we go. Right, so what I have done here is I have selected the program TV treatment card in the diagnosis and the initial phase. And then I just listed out here the first name and last name as the attributes and the periods I have selected these two years, and then the organization and the organization unit as the bird district. So, with all this, I'm able to create this visualization. So this is possible because the particular user access to the event data event analysis date. Right. So this new, the previous user who only had tracker data entry access before is now having access to analyze data. So we know this because he has access to the new applications the analysis applications as well as he can create a visualization in this case a tabular visualization using the event report application. Right, so that's it what we have for even for the user role. So, I, yeah, so what we can do is we can do the final exercise user role, which is exercise three. So let us take a break off like 10 minutes to do this final exercise, and then after that we can proceed to use the groups.