Versions Compared

Version Old Version 67 New Version Current
Changes made by

Mruga Shastri

Brendon Peter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

This section provides a high level overview of user management in CommCare - including different user types and structures.

...

Excerpt
nameWeb Users

Web Users typically play a management role in a project, often overseeing data being collected by Mobile Workers. Web users have accounts which allow them to access the CommCareHQ website, where they can build and change applications, manage users and settings, and view data.

In a given project, you may have a number of people with access to CommCare HQ. Depending on their permissions, these web users may:

  • Create, modify, download, and deploy CommCare applications

  • Create, manage, and delete mobile user accounts

  • View and export data submitted by mobile workers

  • Send text messages to mobile workers

  • Manage workspace settings

While web users have a range of tasks that they are able to complete through CommCare HQ, there is one thing they cannot do: submit data. For this, they need a mobile worker account (in addition to their web user account) or an advanced CommCare tool. 
Additionally, it is important to note that recent changes to HQ now provide web users the ability to manage both mobile workers and other web users, in terms of creating and updating, even if they are location-restricted.

Hybrid Configuration for Mobile Worker Accounts

...

Area Access Permissions

Web Users

Invite new web users, manage account settings, remove membership.

This permission will be hidden if Full Organization Access is disabled.

Mobile Workers

Create new accounts, manage account settings, deactivate or delete mobile workers

Groups

Manage groups of mobile workers

This permission will be hidden if Full Organization Access is disabled.

Groups
(Sub-permission)

Allow changing group membership

This permission allows you to assign mobile workers to a group. This is typically controlled by the "Edit Mobile Workers" permission, but this option may be useful if you need users who can edit group membership, but not otherwise edit mobile worker data.

Locations

Manage locations in the Organizations (Locations) 's hierarchy.

Locations
(Sub-permission)

Allow changing workers at a location

This permission allows you to assign mobile workers to a location. This is typically controlled by the "Edit Mobile Workers" permission, but this option may be useful if you need users who can edit location membership, but not otherwise edit mobile worker data.

Data

View, download and edit form and case data, reassign cases.

This also controls access to lookup tables.

Web Apps

Allow users to enter data using Web Apps. Access may be granted to all apps, a limited set of apps, or no apps.

For mobile workers, the “no access” option is ignored. Mobile workers always have full or partial access to Web Apps.

When the project has opted to manage Web App permission using mobile worker groups - a feature that is now incorporated into ‘Roles and Permissions’, there will be a warning message “This permission is already configured via Manage Web Apps Permissions. Please remove this configuration before updating access here.” to encourage and assist users in migrating from the deprecated page to the updated configuration.

Messaging

Configure and send conditional alerts via SMS or email messaging.

Access APIs

General access to CommCare HQ APIs. Individual APIs require additional specific permissions - for example, the bulk upload users API requires permission to edit mobile workers. Unchecking this permission allows you to completely revoke access to all APIs.

*** Important Security Consideration *** This permission grants access to ALL data through the API, even if the web user is Location restricted, thus not having the ability to access all data from CommCareHQ's data tools.

Applications

Modify or view the structure and configuration of all applications.

This permission will be hidden if Full Organization Access is disabled.

Roles & Permissions

View web user and mobile worker roles & permissions (only Admins can edit roles)

This permission is ‘View Only’ for all roles except Admins. View access can be deselected to prevent users from viewing Roles & Permissions entirely. This permission will be hidden if Full organization Access is disabled.

Manage Shared Exports

Allows users to edit exports whose sharing setting is configured to Edit and Export
This permission (Manage Shared exports) will only be available to CommCare users with a Pro Plan or higher. For more details, see theCommCare Software Plan page.

Reports Permissions

Create and Edit Reports

Allow role to create, edit and delete reports using the Report Builder.

This permission will be hidden if Full Organization Access is disabled.

Access All Reports

Allow role to access all reports.

If this permission is disabled, you have the option to grant access to individual reports.

Access Specific Reports

If Access All Reports is disabled, a list of specific reports will appear. You can grant or deny the role access to each report individually.

Download and Email Reports

See under Other Settings Permissions. 

Other Report Settings

Note that there is a separate permission handled elsewhere that provides access to scheduled reports created by other people. That feature is independent of these permission checkboxes, and instead requires for the user be assigned to the Admin role within the domain.

Also, see Download and Email Reports below under Other Settings Permissions. 

Other Settings Permissions

Manage Subscription Info

Allow role to manage subscription information.

Subscription info can be found under your project settings. This permission will be hidden if Full Organization Access is disabled.

Full Organization Access

Allow role to access data from all locations.

If disabled, your users must be assigned locations in order to access CommCareHQ. Disabling this permission renders obsolete Web Users, Groups, Applications, Roles & Permissions, Create and Edit Reports and the Manage Subscription Info permissions and hides them from view. For further information, please see the Full Organization Access sub-section.

Mobile App Access

Allow mobile users access to offline mobile applications.

Mobile App Access enables permissions to access CommCare's Mobile Endpoint API and is essential for enabling offline work from a mobile device.

Default Landing Page

Upon login, the permission decides where the user begins; on the Dashboard, Web Apps or Reports. If Use Default is selected, mobile workers will be directed to Web Apps and Web Users will go to the dashboard.

Allow Reporting Issues

Allow this role to report issues. This permission is enabled by default.

Non-Admin Editable

Allow non-admins to assign this role to other users. Users can assign roles on the Web Users page

Download and Email Reports

Allow role to download and email report data.

If this permission is disabled, the user will not be able to access the My Scheduled Reports tab, export the data to Excel or email it.

...