Privilege Helper Module

Overview

This module helps you figure out what privileges are required to perform a particular task, and then assists you with assigning those privileges to roles.

Release notes

1.0

  • Recording privilege checks while a given user performs a particular task
  • Assigning privileges to roles of the chosen user

Download

Installation

The module requires PrivilegeListener to be in core (currently available in 1.10 rev:27765, in 1.9.1 rev:27768 and in 1.8.4 rev:27769). You can also apply a simple patch to your version of OpenMRS to add this functionality. You can read more about PrivilegeListener here and in the related ticket TRUNK-3365.

If your version of OpenMRS supports PrivilegeListener, you can download and install the module from our module repository.

User's guide

On the OpenMRS Administration screen, under "Privilege Helper Module", select the "Log privilege checks" link.

1. First you need to enter the user whose actions you want to observe. Typically you will choose a super user to perform the task, so that you are not denied access to any page. Later it will be possible to assign the recorded privileges to a user of your choice. We recommend using one account to operate the module and a different account to perform the task, so that privileges required by the module itself are not logged.

2. Before you start logging, make sure that the user you selected has opened the first page needed to perform the task. This way you will log only the privileges that are required for that particular task.

3. The moment you start logging, you will be taken to a page which displays recorded privilege checks. The page is not refreshed automatically so you should click Refresh to see the updated log.

The module tries to determine where a privilege was checked and provides as much detail as possible, such as class, method, line number or URL. It also determines whether the privilege was required or optional. Optional privileges are mostly used to hide parts of pages which you are not authorized to see. Lacking one usually does not stop you from performing your task, because it does not send you to the missing privilege page. This feature may not be 100% accurate.

4. When the task is done, you should click Stop logging. You will see Assign privileges and Discard this recording buttons. Logs are stored in memory and will be gone when you restart OpenMRS or start/stop any module. They will also be overwritten if you decide to start logging for the same user again.

5. When you click Assign privileges, you will be taken to a page which lets you select the user you want to assign the recorded privileges to.

6. Next you will see a table with logged privileges in rows and the user's roles in columns. From this page you can assign privileges to an existing role or create a new role and assign it to the selected user. To assign a privilege to a role, select the checkbox in the proper row and column. When you are done, click Save changes.
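The following added example (not the module's own code) models the decision made in steps 5 and 6: given a recorded log, it works out which privileges the target user's roles still lack, keeping required and optional checks apart so that optional ones are reviewed rather than granted automatically. The Check record, the plan_grants function and all user, role, privilege and location values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Check:
    user: str        # account whose action triggered the privilege check
    privilege: str
    required: bool   # False = optional check (typically hides part of a page)
    where: str       # class/method or URL reported for the check

def plan_grants(log, observed_user, target_roles):
    """Return (required_missing, optional_missing, already_held).

    target_roles maps each role of the target user to the set of
    privileges that role already contains.
    """
    held = set().union(*target_roles.values())
    required, optional = set(), set()
    for c in log:
        # Skip checks from other accounts, e.g. the one operating the module.
        if c.user != observed_user:
            continue
        (required if c.required else optional).add(c.privilege)
    # A privilege seen as both required and optional is treated as required.
    optional -= required
    return (sorted(required - held),
            sorted(optional - held),
            sorted((required | optional) & held))

# Constructed sample recording; not output from a real OpenMRS instance.
SAMPLE_LOG = [
    Check("admin", "View Patients", True, "PatientService.getPatient"),
    Check("admin", "View Encounters", True, "EncounterService.getEncounter"),
    Check("admin", "Edit Patients", False, "/patientDashboard.form"),
    Check("admin", "View Patients", False, "/patientDashboard.form"),
    Check("helper-operator", "Manage Roles", True, "UserService.saveRole"),
]
TARGET_ROLES = {"Data Clerk": {"View Patients"}, "Authenticated": set()}

if __name__ == "__main__":
    req, opt, held = plan_grants(SAMPLE_LOG, "admin", TARGET_ROLES)
    print("grant (required):", req)
    print("review (optional):", opt)
    print("already held:", held)
```

Because the required/optional classification may not be fully accurate, the optional list is a review queue: grant from it only what the task actually needs.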