Implement permissions defined by role

[RebeccaBushby]

Supervisor/data verifier

• Access to everything for data collectors assigned to supervisor (him/herself)
• Add and edit data collectors assigned to him/herself
• No access to data collectors or reports from data collectors which are not assigned to the supervisor (can only see/edit own data collectors)
• Access to analytics for all regions (but not alert or report details, only overview - same as data consumer)
• No access to volunteer performance data outside of supervisors' assigned data collectors

Data owner

• Can see and do everything for national society
• Can start project in country

Data consumer

• Cannot see or edit data collectors
• Cannot see or edit reports
• Can only see overview of analytics, without any additional access

Global coordinator

• Cannot see or edit data collectors
• Can see table of reports, but no name or phone numbers of data collectors
• Can see overall analytics
• Can start a project/national society registration

Technical advisor

• Same as global coordinator, but cannot start project or register national society

System admin (technical)

• Can see all data, but not add national societies or projects
• Cannot see personal data collector information (?)

@alexanderhoset will split this issue for all bounded contexts. Draft CBS Requirement specification - User management and Reporting.xlsx

[RebeccaBushby]

Depends on #1037

[tineml]

@alexanderhoset , have you split these issues to all bounded contexts?

how do we move forward with this issue? can we implement these roles now and fill content after? As we now only have a line list which everyone have access to. it would be good to limit this from data consumers, but implement data consumer access, so when analytics are ready, we can give access to MoH and partners to see analytics overview.