5 Security Mechanism & Access Model
5.1 Introduction
Security mechanisms are technical tools or techniques used to implement security services. They define how the system is accessed and by whom, and provide an audit record of the activities that have taken place.
Access model, on the other hand, defines how objects are accessed or shared in the system.
In this chapter, we discuss the security mechanism and access model applied in the IM Data Hub.
5.2 Security Mechanism
There are two main security mechanisms implemented in the IM Data Hub:
- Authentication: a mechanism that restricts access to only authorized users or clients in the IM Data Hub,
- Audit trail: a mechanism that records activity so that attempted, unexpected, or unauthorized actions can be detected.
In this section, we discuss the authentication mechanisms and where to find the audit trail.
5.2.1 Authentication Mechanisms
The IM Data Hub supports two types of authentication:
- Basic Authentication: a mechanism that allows users to log in by sending their credentials to the HTTP web server,
- OAuth 2: a mechanism that allows third-party clients or apps to connect on behalf of a user via reusable tokens. OAuth 2 access is based on the IM Data Hub user roles. We'll discuss user roles in the Access Model section.
5.2.1.1 Basic Authentication
Users can log in to IM Data Hub by specifying their username and password on the login page.
Technically, the username and password are joined with a colon, encoded, and then sent to the server.
IM Data Hub also provides a two-factor authentication mechanism, which lets users receive a 2FA code for confirmation at the time of login. Two-factor authentication is enabled in the user settings app. You can read more about the 2FA mechanism here: https://www.google.com/landing/2step/
5.2.1.2 OAuth 2 Authentication
Third-party apps can connect to IM Data Hub via tokens provided by the OAuth 2 authentication mechanism. The IM Data Hub does not support the fine-grained OAuth 2 roles, but rather it provides access based on the user roles.
Setting up OAuth 2 authentication requires access to the IM Data Hub Web API. You can find the specification about this in the developer’s guide.
5.3 Access Model
The Access Model defines what objects are shared or accessed in the IM Data Hub, and how. Objects, in this case, refer to the data, metadata, and all the components in the IM Data Hub.
There are two ways to manage and set up the access model:
- User roles: setting roles and the access level for the objects in the IM Data Hub,
- User groups: defining groups for sharing access to objects in the IM Data Hub.
5.3.1 User roles
User roles define the level of access to different objects in the IM Data Hub. You can set and assign roles for different objects from the user app.
The following are the most relevant user roles in the IM Data Hub:
| Name | Details |
|---|---|
| _Admin - Category Option Group (Private) and Group Set (Private) Management | Administration of private Category option groups and Group sets |
| _Admin - Country User Management | Administration of new users and user groups |
| _Admin - Data Elements (Private) | Administration of DEs, DE Groups and Group sets |
| _Admin - Data Set management (Private) | Administration of private data sets |
| _Admin - Import / Export MetaData | Import and export of metadata and data |
| _Admin - Import/Export aggregate data | Import and export of aggregated data |
| _Admin - Org Unit admin advanced | Edit OU levels |
| _Admin - Org Units (Basic) | Create, edit, and delete OUs |
| _Admin - User Management advanced | Replicate and disable users |
| _Admin - Programs (Private) | Add and update programs |
| _Analytics - Services (all) | Full access to all of the DHIS2 analytical tools |
| _App - Browser cache cleaner | Clear the DHIS2 browser cache |
| _User - Data Entry Aggregated | Data entry for data sets (Data Entry, Data Capture for DHIS2) |
| _User - Data Entry Tracker | Data entry for programs (Event Capture, DHIS2 Android Capture) |
5.3.2 User Groups
There are two main types of user groups:
- Country User group: consists of [country ISO code] - Admin and [country ISO code] - Users
- Global User group: consists of IM - Admin and IM - Users
All metadata are shared accordingly to the level of access each user group should have.
The Admin user groups can edit and view metadata, and capture and view data. The Users user groups can only view metadata, and capture and/or view data depending on the user's user roles.
- CORE Cat options are shared publicly with access to view the metadata, and publicly with access to capture and view data. IM - Admin can edit and view the metadata, and capture and view data.
- [country ISO code] Cat options are shared publicly with access to view the metadata, and publicly with access to capture and view data. [country ISO code] - Admin can edit and view the metadata, and capture and view data. IM - Admin can edit and view the metadata, and capture and view data.
- CORE Categories and CORE Cat combos are shared publicly with access to view the metadata. IM - Admin can edit and view the metadata.
- [country ISO code] Categories, Cat combos, DEs, DE Groups, Indicators, Indicator Groups, OU Groups and OU Group sets are shared with the country-specific user groups. [country ISO code] - Admin can edit and view the metadata, while [country ISO code] - Users can only view the metadata.
- IM DEs, DE Groups, Indicators, Indicator Groups and OU Group sets are shared with the global user groups. IM - Admin can edit and view the metadata, while IM - Users can view the metadata.
- [country ISO code] Data sets are shared with the country user groups. [country ISO code] - Admin can edit and view the metadata, and capture and view data. [country ISO code] - Users can view the metadata, and capture and view data.
- IM Data sets are shared with the global user groups. IM - Admin can edit and view the metadata, and capture and view data. IM - Users can view the metadata, and capture and view data.
5.3.3 User Management
Correct user management is critical to ensure that IM Data Hub users have the right access to the right information based on their level of rights. The group a user is placed in determines which metadata and data they can reach; the user roles determine what they can do with it.
If a user has [Admin] rights to the IM Data Hub:
- Add the user to the relevant [country ISO code] - Admin group.
- Give the user the relevant user roles to administer users, OUs, DEs, Data sets, etc., such as:
  - Admin - Data Elements (Private): to manage DEs
  - Admin - Data Set management (Private): to manage Data sets
  - Admin - Country User Management: to administer users
  - Admin - Org Units (Basic): to administer OUs
  - Analytics - Services (all): to view analytics tables
  - App - Browser cache cleaner: to clean the cache
  - User - Data Entry Aggregated: to do data entry for Data sets
If a user has [Data entry] rights to the IM Data Hub:
- Add the user to the relevant [country ISO code] - Users group.
- Give the user the relevant user roles to conduct data entry, such as:
  - User - Data Entry Aggregated: to do data entry for Data sets
  - App - Browser cache cleaner: to clean the cache
If a user has [Analytics] rights to the IM Data Hub:
- Add the user to the relevant [country ISO code] - Users group.
- Give the user the relevant user roles to view analytics tables, such as:
  - Analytics - Services (all): to view analytics tables
  - App - Browser cache cleaner: to clean the cache
5.4 Important Best Practices for the Access Model
If a user is an Admin, assign the user to the [country ISO code] - Admin group.
If a user does Data entry or Analytics, assign the user to the [country ISO code] - Users group.
5.4.1 Access from country to global level
If you want a country user to have access to global metadata and/or data, [do not] share the global metadata with the country user group the user is part of (i.e. do not share the Data set IM Case Reporting with GH - Admin). Instead, include the user in one of the IM user groups (i.e. include Amos in the IM - Users user group if you want to give him access to data reported at the global level).
5.4.2 Access from global to country level
If you want a global user to have access to country metadata and/or data, [do not] share the country metadata with the IM user group the user is part of (i.e. do not share the Data set GH Case Reporting with IM - Admin). Instead, include the user in one of the relevant [country ISO code] user groups (i.e. include Keith in the DC - Users user group if you want to give him access to data from DRC).
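The following is an added worked example, not code from the IM Data Hub project, that encodes the sharing rules of section 5.3.2 for data sets and for metadata such as DEs and Indicators (cat options and categories, which are partly shared publicly, are left out), derives a user's effective access from their group membership, and flags sharing that departs from the policy, which is what the [do not] rule of section 5.4 guards against. Permission names, the `owner` convention (`IM` for global objects, an ISO code such as `GH` for country objects) and the scenario data are constructed for the example.

```python
"""Model of the IM Data Hub sharing rules for data sets and for metadata
such as DEs, DE Groups, Indicators and Indicator Groups."""

# Permissions each group tier gets per object kind, as stated in the access model.
# Permission names are constructed for this example.
PERMS_BY_KIND = {
    "data_set": {"admin": {"view_meta", "edit_meta", "view_data", "capture_data"},
                 "users": {"view_meta", "view_data", "capture_data"}},
    "metadata": {"admin": {"view_meta", "edit_meta"},
                 "users": {"view_meta"}},
}


def expected_sharing(kind, owner):
    """Sharing the access model prescribes for an object of `kind` owned by
    `owner`: 'IM' for global objects, a country ISO code for country objects.
    Only the owner's own Admin/Users groups appear; nothing else is shared."""
    return {f"{owner} - {tier.capitalize()}": set(perms)
            for tier, perms in PERMS_BY_KIND[kind].items()}


def effective_access(user_groups, sharing):
    """Union of the permissions a user receives through the groups they belong to."""
    perms = set()
    for group, granted in sharing.items():
        if group in user_groups:
            perms |= granted
    return perms


def sharing_deviations(kind, owner, actual_sharing):
    """Groups whose actual sharing grants more than the policy prescribes,
    e.g. a country group added to a global data set."""
    expected = expected_sharing(kind, owner)
    return sorted(group for group, granted in actual_sharing.items()
                  if granted - expected.get(group, set()))


if __name__ == "__main__":
    # Constructed scenario from 5.4.1: Amos is a GH user who needs global data.
    im_case_reporting = expected_sharing("data_set", "IM")
    amos = {"GH - Users"}
    print(effective_access(amos, im_case_reporting))                   # set()
    print(effective_access(amos | {"IM - Users"}, im_case_reporting))  # view + capture
    # The discouraged alternative, sharing the IM data set with a GH group, is flagged.
    wrong = dict(im_case_reporting, **{"GH - Admin": {"view_meta", "view_data"}})
    print(sharing_deviations("data_set", "IM", wrong))                 # ['GH - Admin']
```

Running `sharing_deviations` over the exported sharing of every IM-owned object gives a quick drift check for country groups that should never appear there.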