 Alright, so we talked a little bit about user groups very briefly, you know, Pam would kind of showed you the distribution of a user and the various components they can be assigned, right, including the authorities the organization user roles, the organization units, and then this user groups. So now we kind of wanted to get into how we utilize those user groups. And actually there's a couple ways we utilize them because one way is for the configuration on aspects like the metadata, and that's what we're going to kind of cover now. But you know those of you who are also interested in utilizing the data, for example, you might use these user groups for sharing of your maps and your dashboards and things of that nature as well. So sharing is this the sharing concept is kind of multi purpose, but we're going to kind of focus on the administration side in particular as it relates to the tracker metadata that we have been working on. And we're also going to discuss how this links to a user role and a user because it's kind of a concept that you know there's kind of several layers to this, and it allows us to kind of give us this complete very distinct level of access to the user. That we're looking at. Okay. So, in this session what we're going to do, we're going to review the sharing concept. Okay, we're going to explain the link between sharing user roles and user groups so you know we talked about it a little bit but now we're going to kind of demonstrated a bit more. And kind of see how it works in practice. Okay, we're going to describe the difference between metadata and data sharing. And this is something you came across a bit yesterday, when you were working on your exercises your, your sorry your graded assignments as well as you know when we were going through the demo, the day before. Okay, well now we're going to describe it in a bit more detail and kind of go over the implications of this for the various objects within a tracker program. We're going to talk about the different objects within a tracker program that can be shared. So some of you, for example, created your own tract entity type, and you had some difficulty with your program accessing it after you've done that. So we're going to go through the different objects and just kind of discuss, you know, what we can do with that on the configuration side. Okay, we're also going to describe this concept of program and program stage sharing. And some of you had raised this question the other day, when we were doing the final configuration on your access of your program, and we had in our example, assigned the same level of access to our programs as we did our program stages. Right. But actually, you don't have to do that. And we're going to discuss that and show kind of what you can do. If it's not always the same for different user types. Okay. And then we're going to look at applying the program and program stage sharing settings to your own program. Now, some of this configuration aspect, we're going to leave till Monday. Okay, due to time restrictions, right. So we're going to kind of break it up into these natural kind of steps that, you know, there's a part one and part two, we'll cover part one today, and then, you know, give you a little bit of a break for the weekend and then we'll come back and discuss part two on Monday, I think. Okay. Let's just discuss this in a little bit more detail. All right. So sharing itself. Okay. And hopefully, some of this is familiar to you, right, because it's the same for aggregate data is in particular it's a very similar for event programs. Right when you're dealing with the metadata and data sharing and hopefully this word, at least in the DHS to realm space is somewhat familiar to you. Okay. So sharing allows you to take specific items or objects in the system and determine the level of access the user has with these objects. Okay. And we typically apply sharing to user groups or users in the system. And, you know, typically, it's user groups because doing it by user, you know, that can be quite cumbersome, right. If you want to apply the same sharing settings to 20 different people. You know, it's a little bit more efficient to manage this via a user group, rather than try to do this via a user right via managing, you know, adding 20 users for different sharing settings right. And what we do is we combine this concept of sharing. Okay. We combine this concept of sharing with then user authorities and user roles which we've been discussing. Okay. So we combine these two aspects, and you'll see later on there's another layer we will add. Okay, program access levels. Okay. And this kind of allows us to be very specific in terms of what a single person can do in the system with our data with our metadata. Okay. So, when we're looking at this user roles can kind of be thought of as the top layer restriction on what the user can do in the system. Okay, so we give you know paneled one over this you give them access to edit or modify certain metadata objects perhaps or access to particular apps, or allow them to say okay I can access the tracker data in a certain way for example viewing the event analysis. Okay. Right. But then we combine this with the second layer of sharing, and this more precisely restricts what a user roles function allows you to do the specific objects right. So if I assign authority of view event analysis in a user role via sharing I will say well what programs, can I access the data for. Okay. And what we'll cover this in more detail to give you some more concrete examples. In the context of a tracker program. The concept allows us to decide what type of access a user will have to the program itself. Okay, both for data entry purposes, as well as data analysis, right. And as soon as we're deciding, can the person enter create new track entity instances for example, in, you know we've been using people as an example in our anti natal care program, and our TV program. So can a specific person create new people and register them and enroll them in our programs. Can someone view the data that we've entered, can someone go into the program stages and edit the data. And then we can control via the sharing concept right so by program we can have the specific setting. This is combined with that user role layer. Okay. So let's look at it from that top view that's the kind of visualizes again just to kind of reinforce this a little bit right. So the top layer restriction, which is user roles, right, and this gives us access to our apps or our metadata, or to kind of modify your edit and data. Okay, but then we have that second layer within those apps. You know what do we have access to. Okay, and that's controlled via sharing. Right. So I can say okay, I have access to maintenance I mean I'm an administrator of some kind. I only have access to modify these programs or, you know, program AB and F, and I only have access to modify these data elements, right, just because I have access to maintenance doesn't mean I have the right to modify everything necessarily. Right, it could be the case, but it's this is kind of where we're going with the sharing concept. The same thing is true in tracker capture. So we have access to enter data in tracker capture, but which programs do they have access to. Right. It might be that you only want people from the immunization program to be able to enter new records into that program. Right. And then other users from other programs. Maybe they can see the data, or maybe they can't see the program at all. Right. And that's all controlled via sharing. So we have these two layers that are working together to define what a user can access. So then we have these two levels of sharing and we've kind of come across them, right. But in the context of tracker programs, we haven't really discussed the implications so much, but it's very similar. For example, if you've dealt with event programs, right, then then the implications here are very similar, but now you know we can get into a little bit more detail because we have multiple program stages. So in the program itself, we have this concept of attract entity, right, the person in our case in our examples that we're using, and we can apply these these settings to each of these layers in our program configuration. All right. So when we look at metadata sharing and data sharing they have separate sharing settings but you know they kind of imitate each other in a way, right. So in the metadata sharing we have this can edit and view and can view only, right. So if you remember if you, you know, went to share your program, right, and you would apply the sharing settings, you would see these two options, right. Then we have this next level data sharing, there's can capture in view and can view only of course there's that other level no access. That is pretty self explanatory right if you say, you can access it, then you know they can't see anything, right. So these are the two that allow specific permissions to occur, right. On the metadata side if we say can edit and view. This means that they can both view and modify a metadata item, right. This is typically reserved for administrators of the system, right. Very few people would probably have the authority to say modify your program configuration, right, or modify the data elements that exist in your system. But if we say can view, then this means they can they can view the metadata object and anyone who's going to interact with that item needs to have some level of can view access right. So even if they're just entering data in tracker capture, they need metadata can view access in order to see that metadata. Okay. On the second side we have data sharing, and we have these two items can capture and view, and can view only right can capture and view this means that they can enter data, enter some kind of data right. So if I apply this to a program, for example, then I'm saying you know you can, you can actually enter some data into the program itself if I applied to a program stage. I'm saying you can enter data within the program stage. Okay. If I say they can only view the data. And this means you know if I, we can use the program stages another example, right. This means I can only view the data in that stage, but I can actually modify, edit, or enter new data in that particular program stage right. So this applies both to analysis users, as well as you know someone who might have access to tracker captured and wants to view the records right if they go to view a record, and they only have can view access. They won't be able to edit any of the data that is there, as an example, right and we'll go through some actual demos so you can see it in practice. But hopefully that's a bit of a summary he you know that, you know, at this stage you would have had previous exposure and then exposure over the past couple days to these concepts right, but this is kind of how it's applied in practice right. So, what are the objects that we can apply sharing to well for metadata there's quite a few objects, and we're not going to go through all of this we're going to focus on the particular items within the tracker model. But in a in a live system, you know, there's quite a few objects you can apply this metadata sharing to right so we have these two levels. We're looking at the metadata part here right first. So here on what we're saying is that these are the objects we can apply this metadata to all the data elements that track entity attributes often sets track entity types, our programs our program stages, and we haven't gotten to it yet but also our program indicators. All right. And basically we can decide who can see them who can modify them, you know who can do what with these various with these various items. Okay. So on the data sharing side in a tracker program there are three objects we can apply data sharing settings to you can see this list is different than the previous list. Okay. Now it's just a subset of those items. And these are the three that we're going to focus on mainly. Okay, tracked entity types. Okay, which some of you had made and then you had some problems accessing your program and we'll discuss why. Programs and the program stages and we had all of you apply sharing settings to your program and your program stages at minimum right if you were using the track entity type we created for you for example. Okay, but we're going to discuss this in a bit more detail in terms of how you can differ the sharing settings for this depending on what you want someone to do. All right. So let's look at an example of this in practice. All right. So what we're going to do is we're going to look at I'm doing this on the demo system. Okay, and you'll have an exercise after I do it so if you kind of might be better just to watch the implications of this a bit so you can keep up. And then you can form it on your own. Okay, so let's look at these users and see how it differs a bit from our kind of normal configuration. Okay, so in this scenario I have three users. I have a case registration user. And what I'm saying is this user can only register new patients and they can view program data. Right, so they'll be able to enter in track entity attribute data, but they won't be able to actually enter any program data. So this differs from the configuration we've been looking at the other days where we've just been assigning the same sharing settings to the program and the program stages. All right. So I have a what I call an ANC staff user. Okay, and this user can view and edit the data in the program after registration. Okay, but they can't register a new user or sorry a new person new mother. Okay, I have an ANC manager as well. And this person can only view the data. They can't edit the data. They can't register new new mothers. Okay. This is a bit different in terms of, you know, what we've been discussing previously. All right, and this relates to this program stage sharing concept which we will eventually get to the configuration component of this. All right. Okay, so I'm going to log in as a user who has this access. Okay, so this is the user that I'm currently working on. Okay, that's a bit small. I'm fine with this user and as I mentioned this user that I'm looking at, they can just register individuals and view the data within the program. So the way you can think about this workflow is if, you know, you were in a in a hospital perhaps or in a clinic, right, and you had someone kind of as people come in registering them, right, and then the actual staff members when they're there they would retrieve that record and enter the details as they perform their or provide treatment. Right. This might be more reflective of a workflow where you're entering data in real time, then you would be entering data maybe retrospectively. Okay. So, you can go to tracker capture organization, and you can see this person they have access to register a new person. Right. So I'll go ahead and I'll register a person, you know, just continue. You'll see that the NC visit is there. This person should not have access to this. Just let me double check what's going on here. Okay. So I'll fix it on the other system to on before you start your exercises. So I'm going to go through that process again just this user is only supposed to have access to register individuals and not edit data in stages as you can see when I showed the other example. When I logged in and when I created that person, they were still able to edit the program data. And that's because someone had altered the user groups of this user. And that's kind of what we're talking about right now. So let's just go through this so you can actually see it work practice here. Okay, so what happens when I log in with this user. They're not able to enter any data. So when I try to enter a stage or create a new stage it won't allow me to because it's basically saying you don't have access to do this you cannot write any data to the program stages. The same will be true if I view any existing record. So for example we have these existing records here. So if I maybe open one here. You can see here I can't edit this one already has an existing program stage, but I can't edit any of the fields. Right. If there was data here I can view it. You know, like for example here in the second part there is data, I can view it but I cannot alter any of the data values. All right, and this is because of the way that the sharing has been applied to this particular user. Okay, so they cannot actually modify any of the data within this. Though they could register a person right. You can see that the person who registered some they do have some other permissions though that are interesting right because they can delete the enrollment and they can also delete the person right because they registered the person and by nature of doing so they also have the authority to delete the person right so it's not as intuitive as it could be because you might not want this to be the case necessarily right but right now that's that's kind of how it works so is a bit of a limitation. All right, but in order to kind of edit this data because this person their role is just kind of as people come into the clinic, they register them, and then their job is done. Right, so the next kind of level of this. Okay, is to actually then have a user who can, you know, modify the data within those program stages. So, if I go here. So the first thing you'll notice when I select the or unit and then the program appears thing this person does not have the register button. Okay, because they can't register new mothers into the program. So the first user that we logged in with. They could register people into the program right as part of their workflow, right. So we have to give explicit permission based on the sharing settings that we provide to the program. Okay, in order to allow people to be registered into the program itself right and unless we do that you know then then they won't be able to do so in this workflow. This person expects that the person they're looking for the mother they're working with already exists so they would maybe search for them or find them from the list and update their record. Okay, so I believe I'm not sure which one access what's access this one. Okay. So you can see here for this user. Okay, they can enter data. Right. You can modify all the fields. If they go here they can add events if I want to add more events doesn't give them any error of any kind. Right, they can just do what they need to do. But they don't have any authority to register new individuals right and that's kind of just how it's been set up right so this can be the case doesn't have to always be the case it's just one way to configure things just to give you an idea of kind of what can be the case based on different configurations. Okay, but this person has complete access to add new data right for the program and that kind of makes sense. In the case that you know they're the ones providing the service, right if they're the ANC staff member, they're providing the service and they want to update this in real time as they take these measurements or perhaps provide various, you know, methods of profile access or whatever it is that they're doing during the encounter right they can update this in real time just save the record and then go to the next one right assuming that that person's record has already been entered into the system. Now you don't have to be so restrictive right you could allow this person to register perhaps, if that was part of your workflow right as we saw before we can give that authority to others. We can also we also had one more user in that workflow. Okay, this was an ANC manager and what we basically said is this person can enter any data at all. Okay, they can view the records, but I don't want them to modify anything. The whole idea being that if they find some kind of quality issue, they would have to call the facility perhaps, or speak to the person who entered the record, and you know what to be modified rather than them going in and making a modification without really understanding the scenario properly. So if I go to one of the records you'll see just like our first user that we logged in with, they cannot enter any data right they can view the data that's here, but they can't interact with any of the fields. And similarly, they can't register anybody right. And if I were to go to event reports or something like that this person has access to the analysis apps, then I could also view the data there, but they can't edit any of the information. Right. So depending on the level of kind of interaction you want a person to have in the program, you know, this kind of configuration will allow you to control this quite specifically. And it doesn't mean you have to have you know we have quite different user types spread out this way. And but that was just kind of done for demonstration purposes and maybe if you're dealing with data retrospectively it's not, you know, as valid perhaps or is not as useful to think about things this way we will go through an alternative configuration as well. When you're looking at this, you know, it just gives you some ideas to you know what can be done right the different sharing settings that control this we will discuss you know how it's actually configured of course, but by providing these different levels of access you can see there's different interactions within the program itself right allowing certain people to register individuals allowing certain people to interact the program stages, allowing people just to view the data. Of course, you know, there's that non level of access where maybe I don't see other programs, right. So, you know I have a list here and this person sees the other programs, but we could hide them from this user, right. So they just have access to the antenatal care program as an example. Right. So it's kind of completely dependent on on what it is that you want to do. All right. Okay, so just open the up the exercise here. So it's just located in the sharing and user groups section. Okay. And it's the learners guide to sharing part one. So what I'd like you to do is work on first exercise exercise one. So exercise one is just going to have you log in as some of these different user types. So you can see in practice kind of, you know, how this works, right. So, anytime you log in as a new user. You know you guys right now on that demo system so you'll be using the demo demo system. Okay. For this don't don't use the customization one this is not configured there. Okay, but because you guys are you guys are basically admins now on that demo system right because you guys have access to all kinds of stuff. That a normal user wouldn't typically have. So what I recommend is each time you log in. So if I log in let's say as the first user. Just clear your cash before you go to track or capture. Okay. So you go to go here, clear cash and then you can proceed to track or capture to be logging in as these three different users, each time you log in as a new one just clear cash and then proceed with the instructions. I think it'll help kind of control some of these problems that we've been seeing. Okay, so we'll give about maybe 10 minutes to work through that exercise, and then we'll come back. Okay. Okay, so in this scenario, right. In the last scenario we had all this different sharing permissions right someone registered the person, someone then subsequently can go in and enter data in the program stages. And then another person could just view the data but not really enter any new data or registering people. Right. But this is a more traditional, I want to say configuration or more traditional way to look at it right and that's why I wanted to go over it. Because also anyone of you who's familiar with our packages are metadata packages concept. These are the typical user groups we apply to the package at the beginning. So we've got it in country it might change, but a lot of countries tend to kind of use this at a minimum, right, and it's a good kind of idea just to understand what this looks like. All right, so in this configuration, we have three types of users, right we have a data capture user, and this person can enter and view data in the program. And this is being able to add new people to the program. Okay, as well as interact and add new data within the program stages right in the previous example we had separated this authority out. Okay, but in this one, they're they're one in the same. Okay, we also have a data analysis user group, and this means that the person can analyze data, they can view data for the program. And the last one is an admin or maintenance type of group right, and what this means the difference here is that this person can edit the metadata. Right, this is typically only assigned to a very small group of users. Right, but it is often important right you need people that are managing this in case there are any problems with the configuration and it needs to be modified. Okay, so I'm just going to demo these real quick, you know I'm cognizant of the time. All right, and then we'll we'll break for today, but just so you can kind of see this more traditional configuration. Right, and here if I go back to the demo system so I'm still doing this on the demo system. Okay. But I'll first log in as my data captured user right this person who can register people and interact with various elements of the program stages as well. Right, so I'll go here. Just access organization. It's my district hospital. And I'm going to work with the TV program in this example. Okay, so this person. Okay they can register people as we can see. Right. And you can enter some details quickly. You can also see now they can modify the data within the program stages right, and this is very common right a very common configuration very common way to make things right. They can enter data here for this person. And they'd all get saved right, and they can also do it for the other stages it's not separated by stage or anything like that either. So that's a very common way that you can, you know, you will see data entry users kind of, you know, interact with the program. Right. I'll log out here. Okay we also have a traditional analysis user right, which is kind of similar to that ANC manager in a way, right. You know this person will have access to analyze data, and you could give similar access to the TV data entry person through their user role, actually, right. If they can capture data they can absolutely view the data right so you have to remember that right. This person here if they go to capture and let's just go back select a hospital here. And you can see here. Okay, I guess this has also been changed. This person should only be able to analyze data I apologize that the configuration. It's not being modified but let's go to the admin user anyway, at least they can see hopefully this one is not modified. This user you can see has access to more. You'll see that immediately. You have access to maintenance. I go to maintenance the other users didn't have access to this right go to my program here. They have access to this program right they can go on the program maintenance and make modifications. So, this is a more traditional way, I guess to separate our authority, having an analysis and entry and admin user that can kind of work with the whole program, but have different roles and working with that program. And you can combine settings you know for for more than one person. There's no reason for example for the captured user, not to also be able to analyze data, because they're sharing setting will allow for that right. But can capture and view setting applied to them, which means they can view the data, and also enter new data, right. The data analysis user will be a bit more restricted. They shouldn't be able to capture data unfortunately. I'll just have to double check what happened with this who want to find this and make the change here. And then you have another user which is the admin user, which is, you know, just a small subset of people. And that's the user I'm logged in now. And we can see that they can, you know, they can interact with the program metadata right for this TV program that can make modifications. I changed the name. Save this. I'm not going to do it now but you know I could I could change the name or alter some of the program stages or something right. I could make this modifications if I needed to. You can see they have access to go in here and do that. Where's the other users did not write so if I log into the one that I know it's working at least. They don't even have access to maintenance right so they can't do anything to alter the metadata right at this point in time. And that's through a combination remember they get access to maintenance via the user role. They get access to modify the metadata or specific parts of metadata through sharing. Okay, but we've just blocked it off in both ways for this user. So the whole point that I'm kind of trying to get to you is that there are multiple ways to apply program state sharing. Right. So we saw an example before where we kind of separate it out into these three very specific roles, registering and interacting with the program data, just viewing the data. And then you know this is a more traditional perhaps way. If you want to refer to it that way of, you know, also setting this up, but you could also think about another more nontraditional way and that is specific program stages. So for example, let's say you're dealing with a surveillance program. You know this is a good one, right, because then you have people from the lab who might have to enter lab data, and you might interact with that. You have people performing the clinical examination, you have people maybe going out into the field and performing an investigation, and there are different groups of users interacting with that at any given time. So you can also set up, you know, specific access to different program stages. In both the examples we showed, you know the person who could modify the data in the program stages, it was true for all of the program stages, right. But applying this more broadly, you could generalize this, right, and then apply specific settings to each individual stage. All right, so you know, there's many different permutations, combinations, you know of this I've gone through to you right just to kind of show the potential and how it can be traditionally configured. But you know there are other ways you can do this as well. Okay. So we haven't actually gone into the configuration just been kind of discussing the implications and how it looks on the user facing side. Okay, so these three users are also set up, I have to fix the TV analysis one, just go check it and see what's happened there. But you can try the TV entry one and the admin one at least. When you have a moment. All right. So we're reaching the end of our time today. Okay, so that's why I'm not going into the configuration session because that's a whole, whole other session and I don't want to keep you over time, especially on a Friday. Okay, so, but you know if there are any questions or anything will stick around of course on Slack, and you can ask me that and you can give the exercise a try if you have a little time as well just looking at the different things but it's very similar just kind of showing the different possibilities of these users as you log in. All right, and the exercise I'm referring to is within the learner's guide and this is exercise to. Okay, exercise to right and it gives you all the details of all the logins and I'll just make sure to update that analysis one. Okay, so if you're kind of struggling once again where to find this stuff it's all on noodle sin into these divided into the sections. Okay. So one is sharing and user groups and you can find the learners guide there. There's also some links in the chat I know directly to the material. Okay, but we've gone through a lot this week. Okay, hopefully you've had a chance to interact with a number of different things today related to users user roles, and now sharing. Okay, we will show you how to configure the sharing settings on Monday. So I'm going to modify the agenda a little bit just to, you know, account for this and make sure there's enough breathing room for all these different topics. I'm rushing through. All right. But yeah, if you have a moment you can complete this exercise non graded exercise once again, just to give you the opportunity to see what the configuration looks like, you know how it's how the configuration affects these users. Okay. And once again, there is feedback. If you can fill that out. We would appreciate it we haven't been getting much feedback so it's kind of, you know, on the online environment in particular it's kind of hard for us to gauge where people are at. You know, and if there's difficulty with certain things or you know certain things we could improve upon, especially so we would really appreciate you letting us know, hopefully now that you've gone through a couple more topics. Maybe you have a better sense of kind of, you know, where there are areas we could theoretically improve the problem. All right. But yeah, I will end the session for now I don't want to keep you late on a Friday any later than I have especially for participants in Asia and other regions where it's already quite late. Thank you very much for your time. We'll come back on Monday, and we'll continue sharing we'll be looking at, you know how to configure the various things that I've shown today, and you know continuing with this kind of access control in the program access session as well. All right. So thank you everyone for your time. Thank you for joining me back up on Monday. Same time.