 Okay, let me go back and kind of just cover this again so you're able to kind of see where I was. Okay, so where I went to was users. Okay. And what I was discussing was the user groups. So here they're in, you should be familiar now with these two pages user and user role. And then we have a third one user group either on the left side or accessible via the box here so just go to, if I go to user groups I'll be able to list the user groups that, you know are in my system. And if you're starting from scratch, you might not have any present. If you're in a system that has some kind of configuration going, you'll have something there and all likelihood in order to manage your data sets your programs etc your dashboards whatever it might be. Okay, so if we have a look at some of the user groups that are kind of there. So let's just type in and see here. So ANC managers and ANC staff. That was part of the configuration we looked at on Friday right the ANC managers, these were the staff who could only view data within the program. ANC staff could only edit program stage data but they couldn't register anyone in our program. And then I had that last group the people who could register individuals, but then couldn't actually edit any of the data within the program stages. Okay, and the reason why we make these user groups and combine this with the sharing settings concept is because it's just not practical to apply sharing settings on a per user basis in most cases. Right. So if I look at the user that was made for this the case read that's the one I just logged in when we did the review. Okay, and I open them up. I will see they are part of the user group that I was talking about clinic registration. Okay, and how we apply those sharing settings we'll get to in a moment. But we apply them to users that are part of a user group. And that kind of allows us to cascade down for all the users that are, you know, part of that group. Okay. So we're creating a user group. Okay, and this is kind of where we got to before we had to switch gears here. Okay, it's really easy concept. All right, we go to the user group management page in the user's app. Okay, we click on the blue plus sign. And then we give it a name and a code. Okay, and then we save it and that's really it and I'll get to this part in a moment. Okay, so let's say we wanted to create another group. Let's create the one for staff. It's already there, but just make make it so you guys are kind of see the process. And then I can save it, or what I can do is I can, I can actually add so these are user groups that already existed into the system. Okay. And if I add one of these actually what it'll do is take all the users that are within that user group and add it to this user group. Okay. So this is just kind of allowing you to take existing user groups and kind of quickly place all the users that belong to those user groups in a new user group that you're creating. All right. And the reason why you can't select you used to be able to select individual users and place them in the user group. But if you have thousands of users or you know some of these systems have, you know, 10,000 users or more. You know the system was not handling that very well. So in order to add a lot of users to a user group, a new one, if you're not using the available user groups. You're typically going to have to do this via a script, or you know some other mechanism it's it's really not the best user friendly method at the moment. It's certainly something we need to work on all right I just want to kind of make you aware of that limitation. So making the actual user group. It's really easy adding users to the group. It can be a bit challenging if you have a lot of users that you need to add to the group. Okay, so because the way I would have to do it now. Let's go to the staff. If I wanted to add someone to the user group I just created, you know, I have to go to their user. And, you know, I find the user group I made and then I add them to the user group. Right. And that can take a lot of time if I have a lot of users, right. So I just want to make you aware of that limitation but otherwise this component, you know, it can be overcome. Okay. It's not something that is in practice is unachievable. All right. So what we can do now is explain how the sharing concept has been applied to these user groups. All right, and I'm just going to open one and we'll start there. Okay, sorry. So I'm going to go to maintenance here. And if you remember came and maybe maybe you don't it's not as fresh in your mind maybe as it could be. Okay, the three main objects for data level sharing in particular, when we're dealing with a program. Okay, are the tracked entity type, the program, and the program stages. All right, so I'm going to go here to program, and I'm going to first talk about the tracked entity type. Okay. So, when we looked at this. Okay, many of you had created your own tracked entity type in the, I'm in the demo system right now. Okay, and I'm doing this in the demo system. So if you want to kind of follow along or if I kind of there'll be some exercises here. Okay, you can log in here and check. Okay. You created your tracked entity. And then when your program was made everything else was fine. But a lot of you were kind of messaging me saying, Oh, I can't access my program. And the message on screen was, you know, there was an issue with the tracked entity type. Okay, so when we're reviewing this we have to kind of go through from top to bottom, and check our sharing settings for each object. I'm just going to go through real quickly. What what I what I mean, right and yesterday, Friday sorry, conceptually, we went over the different sharing settings, but I'll just I can either right click on the object or click on this actions button, right and go to sharing settings, and that'll pull up the sharing settings for the particular item that I'm trying to review. Okay. And this has been shared with quite a few user groups I'm just going to focus on the ANC ones, just to kind of keep it limited you know to one use case because then we can go in all different directions right. So if we look at the individuals this clinic registration user group. This was the user group that could just register individuals into the program. Right. And I'm going to talk about the details of that. In a moment. Okay, but I just want to just click on this right and then we have these two sharing levels, right. And this is what we talked about conceptually. And we applied this a couple times now, but really to understand what this means you know the purpose of the session is to really understand what this means, and how to apply those sharing settings. All right. So if I have a look here. We have these two levels of sharing metadata and data level sharing. Okay, and we'll get into the implications of this of what it actually means in a moment right but just as a concept. Right. If we can kind of review metadata sharing really determines if a person can edit and view an object, or only view the object itself. So what I mean is, can a person actually, you know how do they interact with this particular tracked entity type. Can they see it. Is it hidden from them. If they have maintenance or admin privileges, can they edit this object. Right. And that's what I'm really talking about when I'm talking about metadata sharing. If I look at the data level sharing for this object. Okay. We have different levels and we discussed those on Friday so if you need a bit of review please review the slides in terms of what these different levels do we will talk about that more today though however. Okay, but data level sharing it takes this kind of one step further. It determines in quite specific detail, what a person can do with the data that is then linked to this object, right. So, if you think about, you know the data that's linked to every person in your system, you know what can an individual do in that scenario. Now there's a little bit more kind of specialization that we can discuss and we will in a moment. What you do is just stop here. Okay. And I want to give you a chance to perform the first exercise. Okay, just to give you a chance to kind of navigate around and make sure you can find everything. All right, so I'll pause the recording. I'll just go to the sharing settings right and let's just go through the three user groups and see how they've been how the track entity type has applied sharing settings, you know to these different user groups so we start with clinic registration they can view only, and they can capture in view. Okay. We look at our ANC staff. They can only view. Okay. They can only view managers, and they can only view. So the only user that has access to capture in view is this clinic registration user. Now if you remember, these were also the only users who could register within our program. Okay, the registration button wasn't even available for the other two users. Okay, and this is a result of the sharing settings being applied. So what exactly the sharing settings do and then we'll, you know, see an example of this. Okay, so if I have say can view data for a track entity entity type. This means that I can search for tracked entities. Okay, that are of this track entity type. So in our example anti natal care program, we can search for people mothers registered in our program. We can see the values for tracked entities of this track entity type so they can see the mother's demographic details. Okay. If I say can capture in view. What this means is that I can edit any of the attribute data for track entity instances of this type. Okay. So if someone's already registered I can edit the details of that individual. I can also register and create new tracked entities of this type right and the only user that could do this was our clinic registration user. Right, I can also delete tracked entity instances of this type. And I can delete or sorry deactivate or reactivate track entity instances of this type. So let's just kind of recap this by kind of going over exactly what this means right so this is. This is my case registration user okay that I'm logged in with now. So if I go to tracker capture. Let's just recap some of these authorities so I want to. So what I'm going to do here, just review how some of this affects the actual user. The only person that can capture in view is this user that I'm currently logged in. So, if I select an organization unit, and I can see here register or create new tracked entity instances of this type. I can register a person because they are they have that capture in the detail right if I want to edit any of the attributes so let me go into one person. Click on edit. Okay, you can see here they can edit those attributes right they can make those modifications. I can delete and deactivate those track entities. So here, I can see the deactivate button is here, and I can delete the person, or I can deactivate the person right. These are all unique characteristics to this can capture in view authority. Okay. If I check another user. So I'll check my ANC staff. I'm going to go to tracker capture. And I mean that anti no care program for starters we can see there's no registration button. Okay, I can't register new people. Okay, if I click on one of these items. Okay, you see there's no edit button in the profile either. I can show the details, but they can edit the details, right, whether or not you want it that way. I'm going to show you the sharing settings right just showing you what happens depending on you know how things are set up right this person can view these details, but they cannot edit them. Okay, you'll also see that the button, the big red button is gone. Okay, they can delete the enrollment. Okay, but they cannot delete the person. They could not delete this person Belinda Lee from the system. Okay, they cannot do that with these permissions that they're assigned via sharing. Okay. So that's the implications of the track density type, and the same would be for the ANC manager as the ANC staff because they have the same permissions. Okay, but they cannot register they cannot delete. They can view though, right they can view those details. Alright, so let's look at the next object. The next object is our tracker program itself. Alright, so I go back to my configuration. Go to the program, open up the program and go to access. Then I'm just going to look at the program itself. So here's my program. I'll pull it up. I'll look at these three. There's some other user groups. Okay, we'll get to those later on. Okay, but let's just look at the three that we've been discussing. So our clinic registration has can view. Oh, and can capture and view settings. This means they could alter the data in that stage in this in the program sorry. ANC staff. Okay, this is interesting. They have can view and can capture and view as well. Okay, at the program level, not at the track density level, but at the program level. Okay. And then the ANC manager just has can view access. Okay. So we're combining a couple of different sharing settings for our users. Alright, so if I look at the implications of this. Okay, for the user. We just have can view data at the program level. That's the pro that's level. We have just reviewed. Okay, this means that they can search for tracked entities in this program. Okay, so they need access to both the track entity type, as well as the program. Okay, because you can, if you want to see the track entities that are actually enrolled in this program, then this association needs to be true. Okay. So they can also see the track entity attributes specific for this program. Okay, so if you remember when you were creating your program you added in your attributes. Okay. They need to be able to view the data associated with the program to see those track entity attributes. They can also see the enrollment details for the program and see the notes for the there's this little notes widget thing for the enrollment as well. Okay. In fact, for you, they can do more. Okay, just like in our previous example, they can enroll entities into the program. Okay, so you need to be able to create new entities via the track entity type, and then you need to enroll them into the program that you're working with in order to complete the registration process. Alright, they can edit the enrollment details for the program, complete or reopen enrollments for the program. So you need to be able to see the relationships and messages and delete enrollments in the program. Okay, and you will see this a little bit right, because if we look at our, sorry, just make sure. If we look at our ANC staff member right. So just reduce this again. Okay, the ANC staff member. Okay, they have can capture and view access. All right. So here, one of the authorities is deleting enrollments in the program. And you can see here they can delete this enrollment. Right. They cannot delete the track entity itself. There's no bar here for deleting the person. We do see that in our other user. Okay, this is our case registration user. They can delete the person. Okay, because that's controlled through the track entity type, but deleting the enrollment is controlled through the program. And you can see here they can edit the enrollment details. So if I switch back to that ANC staff member. Okay, this is the ANC staff member now. Okay, you can you can edit the enrollment details like the registration dates and the the incident date. Okay, that doesn't mean they can edit the person's details right that's controlled by the track entity type once again. Okay, but they can edit the enrollment details right. That was one of the authorities. That was present. For this can capture and view status. All right. Now, they could enroll entities and into the program, but they can't create new entities right so they're kind of limited in that regard right that's why they have no register button the ANC staff member right so really this authority is not going to really work. They need to have access at both the track entity and the program level. Okay, they need both to really enroll entities into the program, otherwise, this authority doesn't really work. Okay, unless they take existing people and enroll them into the program for example if someone already exists in the system. And then they're receiving a second service or something like that they could enroll them into another program because they can't make new entities. They are a bit limited here. All right. Now, the ANC, if you can just view the data you're kind of quite limited in terms of modifying data right and now is our ANC manager person. Okay. That's this person here. Okay, and if I go to a tracker capture here. Just view their permissions. It'll be quite different right this is now the ANC manager. Okay, the ANC manager. So let me open up one of these. Okay. Yeah, my catch is almost up and you can see that their dashboards quite different right. They cannot there's no delete buttons or anything like that under the enrollment. Okay, they can't do anything of that nature associated with the program or the tracked entity type because they don't have any can capture and view sharing settings applied to that. All right, it's only the other user types that see this information right we see that information here on our ANC staff member. Okay they can mess around with the enrollment quite a bit because they're given permission to do so. We see that here again with our case registration user because they also have similar access to can capture and view the information at the program level. So let's look at our third one, the program stage. Okay, so if I go to back to my configuration. Let me just open up one program stage because both these program stages have the same sharing settings applied to them. Let's open it up and look at our three user groups again. So the first one we have is the clinic registration user, and they can only view the data. Right. So if you remember this person cannot actually edit any of the data within the program stage. They can see it, but they cannot edit it. Right. So they can do different things with the enrollment and the track entity type into the program. But once you get inside the program itself. They can't edit the data. Okay. If I look at the ANC staff. They have can view and can capture and view. Now if you remember, this was the only user that could edit data within the program stage. Okay, and that is controlled via the sharing setting that is applied to the program stage itself. Then lastly we have our ANC managers and they can just view the data. So all they can do is view that data. Okay, they cannot modify it in any way. So go back to our presentation here and just discuss this. And we can go through the examples. Okay, so within the program stage, they can view data permission. It's pretty simple to understand. Okay, compared to the track entity type in person, there's a little bit more going on, right, especially with the attributes and everything like that. But with a program stage, if I give them access to view the data, then they can see the program stage and its events and data within a particular enrollment right so they can view that program stage data. They can also see the notes associated with the program stage. All right, so if I go back to my, let me try and open up a different record maybe. It doesn't want to comply with me right now. Oh, here we go. This is the, this user that I'm logged in is the user that has can view data access. Okay. To the program stages. See if I can actually open the record though. Okay, here. Yeah, so you can you can see the program stage and its events and you can see the data. Right. But, you know, there's no data right now but this is what this user can do. This also applies to analysis. Right. So if I were to open up event reports your data visualizer, I could view the data in these for the program stages in these tools. Okay. Let's go back and discuss our can capture in view. Okay. And this can view data that's the same that's applied to that and see registration user right. They can just view the data. But if I can capture in view right this is this is what allows me to make all those modifications to the data itself. Right. I can add schedule refer a new event within the program stage right so not only can they add data to the stages but they cannot they cannot add any new events within your sequence. Okay within your tracker program. Right. They can complete and reopen the events within the program stage. They can edit the data values, add notes and delete events in the program stage itself. Right. So, let's maybe discuss this with these two users here so this is my ANSI staff member and they're assigned sorry. They're assigned can capture in view for the program stages. Right. You can see here, they can edit all of the data. Okay, they can add new values. They can delete the events in the program stage. Right. They can add some notes. Okay, they can add new events as well. So this one is repeated I can add as many events as I want. Right. And this is unique to the user that has can capture and view data sharing level access at the program stage level. All right, because if I do this with this user. This is my case registration user. They also have can view data like our ANSI manager. Okay. They can view the data but you can see all these other buttons are great out. It cannot delete the event. Okay, you cannot edit any of the data. It cannot add a program stage. It says you need to write access to this program stage to be able to create a new event. All right. And what that's saying is you need can capture and view access to this stage. If you want to be able to either add new events or modify the data. So through these three items, we can really quite closely control what people can do when interacting with specific components within our program. Okay. And we focus on these three items. Track entity type. Okay, the tracker program. And the program stage. And how these different sharing settings interact with one another in order to allow people to access, you know, specific parts of our program in a specific way. Right. So we just talked about each of these sharing settings, how they're applied to the different user groups, and the implications of that on what they can do in DHS too. As you saw, you know, the user interface is actually different for each of these user groups based upon their sharing settings. Certain items will be available, like deleting items, opening items or, or otherwise modifying available data that we see within DHS to itself. All right. And the sharing settings are really what controls this. But remember, this is interacting with our user roles as well. The user roles is that first level layer sharing settings is the second layer. If they don't have access to track or capture, then all of this doesn't really mean anything, right. They won't be able to do anything with these programs, at least through the user interface. Okay, so it's a kind of combination of these two items user roles and sharing that really allow us for this granularity that I've been showing you in this particular use case. Okay. Okay, so that was a lot to go over and cover I know, hopefully that's kind of clear, maybe not so much. All right, but what I'm going to do now I'm going to give you the opportunity just to work through the next exercise. Okay, in order to go through each of these items and review the configuration and in that exercise so I'll open that up here. Okay, so an exercise to here. If I go down there's a table that actually describes for each of these user groups, the different sharing settings that has been applied, and the implication of this on what they can do right so at the track entity type, the program. Okay, and the program stages. Okay, so I'm going to give everyone about 10 minutes. Okay, to go through exercise to. Okay, it's basically asking you to review the sharing settings, in particular the data level sharing settings for the track entity type for the program and the program stage for the three user groups that we've been doing. Right, we're just honing in on this one use case for now. Just noting that there are many ways you can configure this right, depending on the type of access, but we'll use this as our initial frame of reference, and then hopefully you know we can figure out how to generalize this, depending on what we want to do in our system. All right. So, in that same document, the learner's guide, the part two learners guide. Sorry, I got just a reminder. And just a reminder we'll come back. Okay, just in about four minutes time. Okay, keep working through the exercise.