This feature allows you to set up and manage default and custom roles and permissions for different user groups on your deployment. Each deployment has a default “Admin” and "Member" role, which cannot be deleted. The default “Admin” role allows for full control over ALL functionality on your deployment, while the default "Member" role only grants access to edit their own posts. "Member" role can be edited to update the permissions. "Admin" role cannot be edited to update the permissions.
Also, permissions are fully determined by Role-Based Access Control (RBAC). This means that each user can be assigned a specific role by an admin, which in turn grants them a particular set of operations within the platform. Below is a list of permissions included in the Mzima Platform;
Manage Users: This permission entails the following operations;
Viewing the list of users on the platform
Adding, Editing or Deleting Users
Changing the Roles of Users
Manage Posts: This permission entails the following;
Viewing the Posts
Adding or Editing their Posts
Publishing Posts
Archiving Posts
Adding Posts to Collections
Manage Settings: This permission entails managing the settings in the platform
Users can manage the general settings which allow the user to:
Change the deployment details
Adjust the privacy settings for the deployment
Adjusting the location settings. You can find more about this here.
Adding, Editing or Deleting data sources
Adding, Editing or Deleting Surveys
Adding, Editing or Deleting Categories
Users can configure the HDX API and create webhooks
Bulk Data Import and Export: Allows users to import and export CSV files
Edit their own posts: Allows the user to be able to edit their posts
Manage Collections and Saved Searches: This permission entails the following:
Addition/Removal of posts from all saved searches and collections
Editing all saved searches or collections
Deleting all saved searches and collections
Delete Posts: This permission allows the user to be able to delete posts from the platform
Delete their own Posts: This permission allows the user to be able to delete the posts that they have created themselves.
The setup in this guide is demonstrated in the below video as well. You can watch and follow the guide at the same time!
Video coming soon
Users can still interact with the Mzima Platform while logged out, but their capabilities will be limited compared to those of logged-in users. Here is a breakdown:
If a user is not authenticated;
The user can create posts on the platform although the usernames will be marked as Anonymous. Also, the user cannot edit their posts once submitted.
The user can view statuses that are published only.
The user can view saved filters if only the visibility of the filters is set to ‘Everyone’.
The user can view categories if only the visibility of the categories is set to ‘Everyone’.
The user can view collections if only the visibility of the collections is set to ‘Everyone’.
The user can share posts.
If a user is authenticated;
The user can access the platform settings if they have the 'Manage Settings' permission only.
The user can create saved filters and adjust the visibility.
The users can create posts. It is worth noting that they can only edit them if they have the 'Edit their own posts' permission.
The user can create a collection but they will only be visible to them and the admins. If they have the ‘Manage Collections and Saved Searches’ permission in their role, they can adjust the visibility to either ‘only me’, ‘everyone’ or ‘specific roles’. Also, a user can create and delete collections but cannot edit them if they do not have this permission.
The user can see published posts for everyone and their posts that are 'under review' or 'archived'.
To access the roles management page, on the sidebar, click on Settings
Then, click on Roles
You’ll be redirected to a page with a list of all existing roles - default & custom roles (created by admins if any exist).
To add a custom user role, click on the yellow Add icon
Add the following details
Name: Provide a name for this new custom role
Description: Provide a brief description of what/who this custom role has been created for
Set your permissions. The list below shows the list of permissions included in the platform. You can view the brief breakdown of each of the permissions that can be granted to users by selecting here.
Manage Users:
Manage Posts:
Manage Settings:
Bulk Data import and Export:
Edit their own posts:
Manage collections and saved searches:
Click on Save.
To edit a role, click on a role from the list provided to you.
Next:
On redirection to the edit page, make your desired changes to the role (i.e fill out details as directed in the Add role section)
Click on Save to update the role.
To delete a role, click on a role from the Roles management list page
Then, click on the Delete button at the bottom of the page
A pop up box will appear on the top of the page, prompting you to confirm whether you would like to delete the custom role. If:
You would like to proceed with deletion, click on Delete
You would not like to proceed with deletion, click on Cancel
Video coming soon
To access the User management page, on the sidebar, click on Settings
Then, click on Users
Then:
You’ll be redirected to a page with a list of all existing users on your deployment
If you are an ushahidi.io user, you should see the the user you created on set up listed on this page. If you are an ushahidi open source user, every installation comes with a default username: admin and password: admin123
From here, you can search for users either by name or by custom role
To add a new user, click on the yellow icon as shown below
Fill out the details below
Display Name: This is the name that will be displayed
Email address: This is the email address that will be tied to this new user’s account, and will be used to log in.
Password: Set a strong and secure password for your new user. Each password must have at least 7 characters
Role: Choose the level of administration access you would like this user to have
Click on Save to create one.
To edit a user, click on the user you intend to edit from the user list page
You should be able to edit the user’s display name, email address, password and user role from this page.
Click on save when done.
Similarly, you can delete multiple users at once from the user management page, or from the individual user edit page.
To delete a single user, from the individual user edit page. Click on the user you intend to edit from the user list page.
Click on Delete User
A pop up box will appear on the top of the page, prompting you to confirm whether you would like to delete your user
Click on Yes, delete to delete your user
If you’d like to cancel the user deletion process, click on No, go back
To delete a multiple user, from the User management page:
Click on the bulk actions button
Check/select the users to delete
Click on the delete button or icon
A pop up box will appear, prompting you to confirm whether you would like to delete your users
Click on Yes, delete to delete your user
If you’d like to cancel the user deletion process, click on No, go back
In some cases, we’ve seen large groups of people teaming up to work on managing data on Ushahidi deployments. This section describes how to create and manage custom roles and users on your deployment.
Adding Roles
Editing Roles
Deleting Roles
Adding Users
Editing Users
Deleting Users
