This is an old revision of the document!


23.15. Managing users

As of version 3.13, mSupply has important improvements to its user management:

  1. User permissions are now per-store, so a user can have different permissions when logged into different stores.
  2. You can create and use user groups. Once a group is set up and permissions for the group assigned, any users that are assigned to the group will inherit the group's permissions, rather than having to set permissions for each user individually. When you change a group's permissions, you change the permissions for all users who belong to that group. This is very useful if you have a lot of users.

If you want to change a user's permissions and find out that all their permissions are greyed out and uneditable then it means they are a member of a group. To edit their permissions separately from the group, they must first be removed from the group:

  • Edit the user, change the Is a member of to None, click OK.
  • Edit the user, set permissions as required, click OK.

Refer to Using groups below for more details. If the user is to remain part of the group then you must change the group's permissions (see Editing a group below) but beware, this will change the permissions for all users who belong to the group, not just the user you're interested in.

If you want to disable a user, perhaps because the staff member has left the organisation, then they must be made 'inactive':

  • Edit the user, uncheck the Active checkbox, click OK.

If the Active checkbox is greyed out, it is because they are a member of a group. You will need to first remove them from the group before you can make them 'inactive':

  • Edit the user, change the Is a member of to None
  • Edit the user, uncheck the Active checkbox, click OK.

mSupply has a comprehensive system of controlling user access, allowing you to manage in fine detail what each user can do and see in the system. You can manage users individually, in groups or a mixture of both - whichever is most suitable for your situation.

User access is managed by choosing File > Edit users from the menus, or by choosing Admin > Edit users in the Navigator. When clicking on this option you are presented with a list of current users:

The list shows you the following information:

  • User The user's name.
  • Job title The user's job title, as entered on the details tab of the user's details form.
  • Group The group the user belongs to. Will be blank of the user does not belong to a group.
  • Active Checked if the user is allowed to login to the system.

To view groups rather than users, choose Groups from the Show Drop-down list at the top-right of the window. The list changes slightly to look like this:

Now the list shows you slightly different information:

  • Group The name of the group
  • Active Checked if the group is active. If the group is active then all users in the group are allowed to login to the system. If the group is inactive (checkbox unchecked), all users in the group are inactive and are not allowed to login to the system.

To get a list of all current user permissions, click the Permission Report button. An Excel spreadsheet will be generated (see sample); it will have one worksheet for each store showing all the users and groups and what permissions they have in that store.

Double-click a user (or group) to edit their details or delete them. Click the New User button to add a new user (or the New group button to add a new group). Doing either will open the user details window (described below - for a new user or group all the tabs are empty, for an existing user or group the tabs are filled with their current settings)

This window has several tabs, all described below.

Is a member of

Used to select the user group the user belongs to (see below). When the window loads, it displays the group the user currently belongs to. It will show “None” if they are not a member of any group.

Password

This text box will always appear empty when the window is loaded. It must be set for a new user. It can be used here to change the password of an existing user.

Confirm password

If something is entered in the Password textbox, then the same text must be entered in this textbox. This step makes sure you set the password to what you think you're setting it to!

Active

If this checkbox is checked, then that user has permission to use the system, and their name will appear in the login window. If this checkbox is unchecked the user will not be allowed to login to the system and their name will not appear in the login window.

Can be responsible officer

If this checkbox is checked, the name of that user will appear for selection in the Responsible Officer selector on the Transport Details tab of a Customer invoice.

User initials

User initials should be entered in this field.

Language

Allows you to select which language the user wants to use in mSupply. As of 2020-08-04 supported languages are

  • English
  • French
  • Lao
  • Spanish
  • Khmer
  • Portuguese (partially complete)

LDAP section

This section can be used to check a user's login credentials against an LDAP (Lightweight Directory Access Protocol) server. If you are going to use LDAP you must fill in the server details in the General Preferences, LDAP tab first.

  • Login using LDAP: Check this if you want this user's login details to be checked against your LDAP server. Means that you can have some users logging in normally and some being checked against your LDAP server. Helpful if there's a delay in users being given LDAP credentials for any reason.
  • LDAP login string: Enter any string which has to be used with the LDAP login. Will be provided by the LDAP administrator if required.

Windows username

The username the user logs into window systems with. Used to provide single-sign-on capability when the user is logging in remotely to an mSupply client running on a Windows server.

License category

Used to select which user license category the user belongs to. This will contain a list of all user categories currently set up in the datafile. See License management for details.

User belongs to State/Region

Used to select the name category 1 that the user belongs to. Only used in some customised versions of mSupply.

Signature

Use to add or remove an image of a user's scanned signature for displaying on invoices for example

User Can:

Used to give the following controls to Users

  • Login as Desktop user
  • Use the Dashboard - this is necessary if you want the user to be able to see dashboards
  • Receive email notifications - this is necessary to enable reports to be emailed on a schedule to a user or group of users. Multiple reports for a User will appear on different tabs of an excel workbook. This needs to be configured by Sustainable Solutions, so get in touch if you're interested and we'll set this up for you.
  • Use web authorisation system

These are where you can set access to the many features and functions on a store-by-store basis for each user or group. There are three Permissions tabs and each are shown in the screenshots below.

Buttons on the Permissions tabs

  • The Store drop down list: Selects the store for which permissions are being displayed and set on the current tab. This is how you set permissions in different stores for users.
  • The All on button: Checks all the permissions on the current tab i.e. turns them all on. There are exceptions to this for safety reasons e.g. the Can update pack size, cost and sell price permission on the Permissions tab.
  • The Copy button: Copies the state of all the checkboxes on the tab for this store to an internal clipboard for that tab.
  • The Paste button: Pastes the checkbox settings saved to the clipboard for the current tab to this tab. In this way, the Copy and Paste buttons are a great way of copying permission settings for tabs between stores - really handy when users have similar permissions in different stores.

Most of the permissions are self explanatory. Those that need more explanation are given below:

Permission Details
Permissions Tab
Add/edit users To prevent you being locked out of your datafile permanently, mSupply will not allow you to turn off this preference for the first 2 users which already exist when you open mSupply for the first time. You should always treat these users as admin users.
Permissions (2) Tab
Change transportation dates on finalised invoice If checked, the user can edit the Order written date, Order received date, Expected arrival date, Actual arrival date and Ship date fields on the Transport details tab of finalised customer invoices
Edit user fields on finalised invoices The user fields are the 4 custom transaction fields that can be enabled in the preferences - see Invoices Preferences for details. If this is enabled the user can edit the contents of these fields on transactions that have already been finalised
Change invoice category on finalised invoice If checked the user can edit the transaction category of invoices (customer, supplier and inventory adjustments)
Transfer goods between stores If checked the user can create a customer invoice with a store as the customer (i.e create a stock transfer)
Finalise stock transfers If checked the user can finalise a customer invoice where the customer is another store (i.e. a stock transfer)
Return stock from supplier invoices If checked a Return selected lines button will appear for the user on finalised supplier invoices, allowing them to return the goods on the invoice. See the 9.01. Returning goods section for details
Permissions (3) Tab
Edit stocktake dates If checked the user can edit the Stock take date field at the top of a stocktake and the confirmed date of inventory adjustments created from the stocktake (see Creating a new stocktake) for details
Edit store details If checked the user can edit the store details and preferences, including using the bulk store preferences editor.
Edit visibility in stores If checked the user can edit the visibility of names and items in different stores. If it is unchecked they can't - either in the Store tab of a name or item's details window or the Visibility tab of a store's details window (in fact, the Visibility tab won't even be visible for them)
Add/import customer budgets If this is checked the user can import or add budgets for a customer, if unchecked they cannot
View and edit temperature breach configurations If checked, the user can view and edit temperature breach configurations in the vaccine/cold chain module. See the 20.01. Vaccine Vial Monitoring (VVM) page for details.
View and edit vaccine vial monitor status If checked, the user can view and edit the statuses that vaccine vial monitors have. See the 20.01. Vaccine Vial Monitoring (VVM) page for details.
View sensor details If checked the user can view temperature sensor details. See the 20.03. Cold Chain App Notifications page for details.
Edit sensor location If checked the user can edit the warehouse location attached to a sensor. See the 20.03. Cold Chain App Notifications page for details.
Edit/delete customer budgets If this is checked the user can edit or delete budgets for a customer, if unchecked they cannot
Create customer invoices from requisitions If this is checked the user can create customer invoice from the Create customer invoice button on requisitions. You can use this in conjunction with the Create customer invoices permission on the Permissions (2) tab to force all distribution to be carried out from requisitions.
View assets If this is checked, the user is allowed to search the assets in the system and see their details
Add/edit assets If this is checked, the user can also change the details of assets
Setup assets If this is checked a user can manage the setup of assets e.g. add or edit asset statuses, conditions, properties etc. (see the assets setup page for details of the various setup options)
Change asset status If checked, the user can make an asset's proposed status its current status.

On this tab you set which stores the user can login to:

The Is disabled column indicates whether a store is disabled or not and can't be edited.

You can check one box in the Default store column - this will be the store the user is offered by default every time they login or switch stores.

In the Can login column you can check the box for each store the user is allowed to login to. All the stores in your mSupply datafile are displayed here in alphabetical order. Please note:

  • The “Drug Registration” store is a special store used for the mSupply medicine registration functionality. See Registration for more details. Checking this box will allow the user to login to the Registration module.
  • The “Hospital Info System” is another special store used for mSupply's built-in Hospital Information system. See here for more details. Checking this box will allow the user to login to the HIS module.
  • “Supervisor - All stores” stores is a special mode to allow users to view information in and run reports over multiple stores. See here for more information.

Here some personal details including job title, address and email address of the user can be recorded. The job title will appear in the Job title column in the list of users and the email address is used when using email functionality or other special functions in mSupply.

Other than that, these fields are for reference only, providing a handy place to record information about your system users.

On this tab you set which dashboard tabs will appear on the dashboard when the user logs into it. Of course, you have to set up the dashboard tabs before you can assign them to a user's dashboard. See Dashboard for instructions on doing that.

Once the dashboard tabs have been setup, they will appear in the Available column of this tab. You can see the “Test_tab” in the screenshot above. Anything in the Chosen column will be displayed on the user's dashboard. So, to make a dashboard tab appear on the user's dashboard, select it in the Available column and click on the >> icon to move the tab into the Chosen column. And to remove a dashboard tab from the user's dashboard, simply select it in the Chosen column and click on the << icon to move it back into the Available column.

To create a new user do this:

  1. Go to File > Edit users… and click on the New user button
  2. Enter the user name
  3. Assign a password
  4. Enter the password again in the Confirm password text box
  5. Go to the permissions tabs and set up permissions (3 tabs) OR select which group the user is to belong to using the Is a member of drop down list on the General tab (you must do one of these because you'll have noticed that when you create a new user they have absolutely no permissions at all!)
  6. Go to the Login rights tab and set the stores the user can login to.
  7. Click OK when you're done.
  8. The user should now be able to log in.
  9. After the user logs in, they may want to change their password.

To delete a user do this:

  1. Go to File > Edit users…
  2. Double-click the name of the user or group you want to delete in the list
  3. Click on the Delete button on the bottom of the edit user window that opens

Note that you won't be able to delete a group that has users belonging to it. If you really want to delete the group, remove all users from the group first by editing their Is a member of fields.

Show the list of groups by opening the “Edit user” window and then choosing “Groups” from the “Show” Drop-down menu

To add a group, click the Add Group button. You will be shown a window where you add the group name. You then set permissions for the group in the same way as you set permissions for a user (above):

Note that you will only be able to set checkboxes which can have different settings in different stores. Anything that is not a checkbox and or any checkbox that applies across all stores cannot be set in a group's permissions (another way of saying this is that they cannot be controlled by a group). These items will all be disabled when creating or editing a group and are editable in the individual users' permissions only.

First, show the list of groups by opening the “Edit user” window and then choosing “Groups” from the “Show” Drop-down menu

Then double click on a group in the list. The same window as for adding a group opens but it is populated with the group's current settings. Change these settings as described for a new group above and click on the OK button to save them.

Groups are a quick way of setting and managing permissions for many people at a time. Users belonging to a group take the permissions of that group: when a user is a member of a group you cannot edit their permissions directly, you must edit the group's permissions. And if you edit the group's permissions, you edit the permissions for every user in the group. To assign a user to a group, do the following:

  1. Go to File > Edit users
  2. Double click on the user you want to edit
  3. On the general tab of the window which opens, use the Is a member of drop down list to select the group the user is to belong to:
  4. Click on the OK button to save you changes.

A menu item on the Special menu of the navigator gives access to a form to view and edit user license categories, including the number of users belonging to them that can be logged in at any one time. A DDL on the user input form allows a user to be assigned to a category and a new permission covers the ability to edit these license categories and membership of them. Finally, a check on the OK button of the login form will check that there are less than the maximum users belonging to the license category the user belongs to already logged in.



  • Last modified: 2021/04/22 14:17
  • by Gary Willetts