 In DHS-2, the concept of sharing relates to access control. Through sharing settings, you can control who can access specific data or metadata objects, such as data elements, categories, and data sets. In combination with user roles and organization unit configurations, this provides a granular control over user access to DHS-2 systems. In this video, you will learn how to manage sharing settings in DHS-2. Specifically, you will see how you can allow different users and user groups to access metadata and data in your system. Proper use of access control has implications both for system security and usability. From a security standpoint, granting data access only to specific users or user roles is an integral part of keeping your data secure. From a usability perspective, it also makes the DHS-2 system easier for users to navigate, as they can only see and access the organization unit's features and data that are relevant for them. The three layers of access control in aggregate DHS-2 systems are user roles, organization unit assignment, and sharing settings. The first layer, user roles, controls access to various apps within DHS-2, along with the types of operations that a specific class of users can perform within these apps. User roles also control specific administrative functions within DHS-2. To learn more about user roles, consult the DHS-2 documentation. The second layer, organization unit assignment, controls users' access to the organizational hierarchy. For example, in the data entry app, users can only enter data for the organization unit they are associated with and the organization units below it in the hierarchy. The third layer, sharing, provides more granular control and restricts user or user group's access to specific metadata and data in the DHS-2 system. These controls are managed through the sharing settings feature. Let's dive into sharing settings in more detail. You can apply sharing settings for both metadata and data. Metadata sharing determines if a user or user group can view or edit a piece of metadata in the system. Data sharing determines if a user or user group can capture or view data associated with a particular object, both in data entry and analysis applications. Applying data sharing settings is a required step of configuring a dataset in DHS-2 because the default data setting is private, which means that no one will be able to capture or view data for your dataset until the sharing settings are updated. Both metadata and data have individual sharing settings. For metadata sharing, there are three levels of access. The first is no access. This means that users cannot see an object. This is applied through system-wide public access rather than through a specific user or user group. For example, to turn public access off for certain metadata. The second is can edit and view. This allows users or user groups to view and edit a metadata object. Note that to edit the object, they would also need access to the maintenance app via their user role. The third is can view only. This allows users or user groups to view a metadata object within various DHS-2 apps. Their user roles control which apps they have access to. For data sharing, there are also three levels of access. The first is none. This means that a user or user group will not be granted access to the data of the selected metadata object at all. For example, no access to view the data entered for a particular dataset. The second is can capture and view. This allows a user or user group to enter and view data associated with the selected metadata. For other data, they would also need access to the data entry app via their user role. And the third is can view only. This allows a user to only view data associated with the selected metadata. For aggregate data, this means they will only be able to view related data in the analysis apps such as data visualizer and maps and not be able to open datasets within the data entry app even for viewing purposes. As you can see here, user roles and sharing settings are closely linked. If you would like to grant a user the right to edit particular data elements, you need to make sure their user role allows them to access the maintenance app. For example, to edit a data element, a user would need to have the data elements shared with them using the can edit and view sharing settings, and their user role would have to allow them to access the maintenance app. Let's shift our focus specifically to the data sharing aspect. In aggregate systems, data sharing is controlled through category options and datasets. For example, if someone needs to enter data for the RMN-CAH dataset, they need to have access to the data entry application through their user role, as well as to the specific organization units that they need to enter data for, and the sharing settings need to be updated to allow for data sharing on both the RMN-CAH category options and the dataset itself. Let's see what this looks like in DJS2. Sharing settings are applied to metadata within the maintenance application. All category options within the RMN-CAH dataset need to have data sharing settings configured for the user or user groups who need access to it set to can, capture and view. The dataset sharing for the user or user group also needs to be set to can, capture and view. Configuring these sharing settings for both the category options and the dataset will allow the specified users or user groups to enter data within the dataset for their assigned organization units. If either of these settings are incorrect, the users will not be able to enter data values in the RMN-CAH form. In summary, user roles, organization unit assignment, and sharing settings are three levels of access control in DJS2. User roles control user access to applications. Organization unit assignment controls access to the organizational hierarchy, and sharing settings provide a more granular control on objects in DJS2, allowing a specific user or user group access to specific metadata and data. Metadata sharing allows users or user groups to view and edit metadata. Data sharing determines the permission of the users or user groups to capture and view particular data. Sharing settings require consideration during configuration of any dataset in DJS2. If they are not correctly configured, then users may not be able to access the dataset to either view data or enter data.