Simplified Permission Model #853

tnagorra · 2024-04-11T12:21:23Z

tnagorra
Apr 11, 2024
Maintainer

Permission System

In software development, a permission system is a system that defines and manages the access rights and privileges of users within a program or system. It outlines the rules and guidelines for granting or denying specific actions based on the roles, permissions, and levels of authorization assigned to individual users or user groups. This helps ensure the security, integrity, and confidentiality of data and resources by controlling who can access, modify, or execute certain actions.

Background

User roles in IFRC GO

There are different user roles in IFRC GO. Each role has different access rights and privileges within IFRC GO.

Users can also have multiple roles assigned to them.

The existing user roles in IFRC GO are listed below:

Country Admin
Region Admin
DREF Region Admin
PER Country Admin
IFRC Admin
ICRC Admin
IFRC PER Country Admin
Guest (non-logged in users)

The above list might not be a complete list.

We should note that some of the roles should be associated with a country or a region.

The user roles associated with a country are listed below:

Country Admin
PER Country Admin

The user roles associated with a region are listed below:

Region Admin
DREF Region Admin

Visibility in IFRC GO

There are different type of entities in IFRC Go. And, there are different kind of visibilities that depend on the entity and the logged-in user:

Creator Visibility
Implicitly Inherited Visibility
Explicitly shared Visibility from Visibility Group
Expliclity shared Visibility to User

The entities that we are interested for this discussion are listed below:

DREF Application
- Creator Visibility
- Expliclity shared Visibility to User
Field Report
- Implicitly Inherited Visibility
- Explicitly shared Visibility from Visibility Group
3W Project
- Implicitly Inherited Visibility
- Explicitly defined Visibility Group
3W Activity
- Implicitly Inherited Visibility
Flash Update
- Implicitly Inherited Visibility
PER
- Implicitly Inherited Visibility

User profiles in IFRC GO: Country and Region

Regional Admins
- Set from the Django Admin Panel
- System sends pending registration reminders to region admins
User Countries
- Set from the Django Admin Panel
- For filtering visibility of events, project (3w), field reports, ...
User Profile
- Set during user registration
- For filtering visibility of events, project (3w), field reports, ...

Current Implementation

The permission system is implemented using Django's built-in permission system. Only Super User of IFRC GO can view and manage the permissions using the Django Admin Panel.

Super User are special users with unrestricted access rights and privileges

Permission

The available permissions are listed below:

List of permissions extracted from IFRC GO production (2024-04-10)

admin | log entry | Can add log entry
admin | log entry | Can change log entry
admin | log entry | Can delete log entry
admin | log entry | Can view log entry
api | action | Can add action
api | action | Can change action
api | action | Can delete action
api | action | Can view action
api | actions taken | Can add actions taken
api | actions taken | Can change actions taken
api | actions taken | Can delete actions taken
api | actions taken | Can view actions taken
api | admin2 | Can add admin2
api | admin2 | Can change admin2
api | admin2 | Can delete admin2
api | admin2 | Can view admin2
api | admin2 geoms | Can add admin2 geoms
api | admin2 geoms | Can change admin2 geoms
api | admin2 geoms | Can delete admin2 geoms
api | admin2 geoms | Can view admin2 geoms
api | admin contact | Can add admin contact
api | admin contact | Can change admin contact
api | admin contact | Can delete admin contact
api | admin contact | Can view admin contact
api | admin key figure | Can add admin key figure
api | admin key figure | Can change admin key figure
api | admin key figure | Can delete admin key figure
api | admin key figure | Can view admin key figure
api | admin link | Can add admin link
api | admin link | Can change admin link
api | admin link | Can delete admin link
api | admin link | Can view admin link
api | appeal | Can add appeal
api | appeal | Can change appeal
api | appeal | Can delete appeal
api | appeal | Can view appeal
api | appeal document | Can add appeal document
api | appeal document | Can change appeal document
api | appeal document | Can delete appeal document
api | appeal document | Can view appeal document
api | appeal document type | Can add appeal document type
api | appeal document type | Can change appeal document type
api | appeal document type | Can delete appeal document type
api | appeal document type | Can view appeal document type
api | appeal filter | Can add appeal filter
api | appeal filter | Can change appeal filter
api | appeal filter | Can delete appeal filter
api | appeal filter | Can view appeal filter
api | appealhistory | Can add appealhistory
api | appealhistory | Can change appealhistory
api | appealhistory | Can delete appealhistory
api | appealhistory | Can view appealhistory
api | auth log | Can add auth log
api | auth log | Can change auth log
api | auth log | Can delete auth log
api | auth log | Can view auth log
api | country | Can add country
api | country | Can change country
api | country | Admin for Ukraine
api | country | Admin for Yemen, Rep.
api | country | Admin for Latvia
api | country | Admin for Lebanon
api | country | Admin for Lesotho
api | country | Admin for Liberia
api | country | Admin for Liechtenstein
api | country | Admin for Lithuania
api | country | Admin for Luxembourg
api | country | Admin for Macedonia, FYR
api | country | Admin for Madagascar
api | country | Admin for Serbia and Montenegro
api | country | Admin for Malawi
api | country | Admin for Malaysia
api | country | Admin for Mali
api | country | Admin for Malta
api | country | Admin for Mauritania
api | country | Admin for Mauritius
api | country | Admin for Mexico
api | country | Admin for Monaco
api | country | Admin for Morocco
api | country | Admin for Zambia
api | country | Admin for Mozambique
api | country | Admin for Myanmar
api | country | Admin for Namibia
api | country | Admin for Nepal
api | country | Admin for Netherlands
api | country | Admin for New Zealand
api | country | Admin for Nicaragua
api | country | Admin for Niger
api | country | Admin for Nigeria
api | country | Admin for Norway
api | country | Admin for Zimbabwe
api | country | Admin for Palau
api | country | Admin for Pakistan
api | country | Admin for Panama
api | country | Admin for Papua New Guinea
api | country | Admin for Paraguay
api | country | Admin for Peru
api | country | Admin for Philippines
api | country | Admin for Portugal
api | country | Admin for Qatar
api | country | Admin for Afghanistan
api | country | Admin for Romania
api | country | Admin for Russian Federation
api | country | Admin for Rwanda
api | country | Admin for Samoa
api | country | Admin for Saudi Arabia
api | country | Admin for Albania
api | country | Admin for Senegal
api | country | Admin for Seychelles
api | country | Admin for Sierra Leone
api | country | Admin for Singapore
api | country | Admin for Slovakia
api | country | Admin for Slovenia
api | country | Admin for Solomon Islands
api | country | Admin for Somalia
api | country | Admin for South Africa
api | country | Admin for Spain
api | country | Admin for Algeria
api | country | Admin for Sri Lanka
api | country | Admin for Sudan
api | country | Admin for Swaziland
api | country | Admin for Sweden
api | country | Admin for Switzerland
api | country | Admin for Tajikistan
api | country | Admin for Thailand
api | country | Admin for Andorra
api | country | Admin for Togo
api | country | Admin for Tonga
api | country | Admin for Trinidad and Tobago
api | country | Admin for Tunisia
api | country | Admin for Turkey
api | country | Admin for Turkmenistan
api | country | Admin for Uganda
api | country | Admin for St. Kitts and Nevis
api | country | Admin for St. Lucia
api | country | Admin for St. Vincent and the Grenadines
api | country | Admin for Angola
api | country | Admin for Suriname
api | country | Admin for Burkina Faso
api | country | Admin for Côte d'Ivoire
api | country | Admin for Guinea-Bissau
api | country | Admin for Congo, Rep.
api | country | Admin for Sao Tomé and Principe
api | country | Admin for Comoros
api | country | Admin for Congo, Dem. Rep.
api | country | Admin for Eritrea
api | country | Admin for Tanzania, United Republic of
api | country | Admin for Antigua and Barbuda
api | country | Admin for Viet Nam
api | country | Admin for Korea, Rep.
api | country | Admin for Korea, Dem. Rep.
api | country | Admin for Mongolia
api | country | Admin for Micronesia, Fed. Sts.
api | country | Admin for Bosnia and Herzegovina
api | country | Admin for Poland
api | country | Admin for United Arab Emirates
api | country | Admin for Argentina
api | country | Admin for Azerbaijan
api | country | Admin for Kazakhstan
api | country | Admin for Moldova
api | country | Admin for Iran, Islamic Rep.
api | country | Admin for Libyan Arab Jamahiriya
api | country | Admin for Palestinian territories
api | country | Admin for Syrian Arab Republic
api | country | Admin for Benin
api | country | Admin for Armenia
api | country | Admin for Timor-Leste
api | country | Admin for Cook Islands
api | country | Admin for Marshall Islands
api | country | Admin for Tuvalu
api | country | Admin for British Indian Overseas Territories
api | country | Admin for Montserrat
api | country | Admin for Anguilla
api | country | Admin for Virgin Islands, British
api | country | Admin for Turks and Caicos Islands
api | country | Admin for Australia
api | country | Admin for Cayman Islands
api | country | Admin for Israel
api | country | Admin for Netherlands Antilles
api | country | Admin for French Guiana
api | country | Admin for Guadeloupe
api | country | Admin for Martinique
api | country | Admin for Maldives
api | country | Admin for Cyprus
api | country | Admin for American Samoa
api | country | Admin for Austria
api | country | Admin for Antarctica
api | country | Admin for Aruba
api | country | Admin for Baker Island
api | country | Admin for Bermuda
api | country | Admin for Bhutan
api | country | Admin for Christmas Island, Territory of
api | country | Admin for Cocos Islands, Territory of
api | country | Admin for Falkland Islands (Malvinas)
api | country | Admin for Faroe Islands
api | country | Admin for French Polynesia
api | country | Admin for French Southern and Antarctic Lands
api | country | Admin for Gibraltar
api | country | Admin for Greenland
api | country | Admin for Guam
api | country | Admin for Heard I. & McDonald Is.
api | country | Admin for Howland Island
api | country | Admin for Jarvis Island
api | country | Admin for Johnston Atoll
api | country | Admin for Mayotte
api | country | Admin for Bahamas, The
api | country | Admin for Midway Island
api | country | Admin for Nauru
api | country | Admin for New Caledonia
api | country | Admin for Niue
api | country | Admin for Norkolk Island
api | country | Admin for Northern Mariana Island
api | country | Admin for Pitcairn
api | country | Admin for Puerto Rico
api | country | Admin for Oman
api | country | Admin for Reunion
api | country | Admin for Bahrain
api | country | Admin for San Marino, Republic of
api | country | Admin for South Georgia and the South Sandwich Is.
api | country | Admin for Saint Helena
api | country | Admin for St. Pierre et Miquelon
api | country | Admin for Svalbard and Jan Mayen
api | country | Admin for Tokelau
api | country | Admin for Virgin Islands, US
api | country | Admin for Wake Island
api | country | Admin for Wallis and Futuna
api | country | Admin for Western Sahara
api | country | Admin for Bangladesh
api | country | Admin for Montenegro
api | country | Admin for Serbia
api | country | Admin for Guernesey
api | country | Admin for Jersey
api | country | Admin for Holy See (Vatican City State)
api | country | Admin for Hong Kong (China)
api | country | Admin for Isle of Man
api | country | Admin for Aland Island
api | country | Admin for Bouvet Island
api | country | Admin for Macao
api | country | Admin for Barbados
api | country | Admin for St. Martin (French part)
api | country | Admin for Republic of China (Taiwan)
api | country | Admin for Zone Americas
api | country | Admin for Zone Asia-Pacific
api | country | Admin for Zone Central and West Africa
api | country | Admin for Zone Eastern Africa
api | country | Admin for Zone Europe
api | country | Admin for Zone MENA
api | country | Admin for Zone Southern Africa
api | country | Admin for Zone GLOBAL
api | country | Admin for Belarus
api | country | Admin for South Sudan, Rep. Of
api | country | Admin for Southern Africa Country Cluster
api | country | Admin for Central Africa Country Cluster
api | country | Admin for Eastern Africa and Indian Ocean Islands Country Cluster
api | country | Admin for West Coast Country Cluster
api | country | Admin for Sahel Country Cluster
api | country | Admin for Tunis Country Cluster
api | country | Admin for Dubai Country Cluster
api | country | Admin for Beijing Country Cluster
api | country | Admin for New Delhi Country Cluster
api | country | Admin for United Kingdom
api | country | Admin for Belgium
api | country | Admin for Bangkok Country Cluster
api | country | Admin for Jakarta Country Cluster
api | country | Admin for Suva Country Cluster
api | country | Admin for Southern Cone Country Cluster
api | country | Admin for South America Country Cluster
api | country | Admin for Caribbean Country Cluster
api | country | Admin for Cuba, Haiti and Dominican Republic Country Cluster
api | country | Admin for Tegucigalpa Country Cluster
api | country | Admin for Guatemala City Country Cluster
api | country | Admin for Central and South-Eastern Europe Country Cluster
api | country | Admin for Belize
api | country | Admin for Central Asia Country Cluster
api | country | Admin for Moscow Country Cluster
api | country | Admin for South Caucasus Country Cluster
api | country | Admin for Benelux
api | country | Admin for ICRC
api | country | Admin for East Africa Country Cluster
api | country | Admin for Indian Ocean Islands Country Cluster
api | country | Admin for Central America Country Cluster
api | country | Admin for North America and Mexico Country Cluster
api | country | Admin for American Samoa
api | country | Admin for Bouvet Island
api | country | Admin for British Indian Ocean Territory
api | country | Admin for British Virgin Islands
api | country | Admin for Cayman Islands
api | country | Admin for Christmas Island
api | country | Admin for Cocos (Keeling) Islands
api | country | Admin for Falkland Islands (Malvinas)
api | country | Admin for Faroe Islands
api | country | Admin for Greenland
api | country | Admin for Bolivia
api | country | Admin for Guam
api | country | Admin for Guernsey
api | country | Admin for Heard Island and McDonald Islands
api | country | Admin for Isle of Man
api | country | Admin for Jersey
api | country | Admin for Kosovo
api | country | Admin for Montserrat
api | country | Admin for Norfolk Island
api | country | Admin for Northern Mariana Islands
api | country | Admin for South Georgia and the South Sandwich Island
api | country | Admin for Botswana
api | country | Admin for Tokelau
api | country | Admin for Turks and Caicos islands
api | country | Admin for United States Virgin Islands
api | country | Admin for Aksai Chin
api | country | Admin for Ashmore and Cartier Islands
api | country | Admin for Bassas da India
api | country | Admin for Bir Tawil
api | country | Admin for Bird Island
api | country | Admin for Clipperton Island
api | country | Admin for Europa Island
api | country | Admin for Brazil
api | country | Admin for Glorioso Island
api | country | Admin for Hala'ib triangle
api | country | Admin for Ilemi triangle
api | country | Admin for Juan de Nova Island
api | country | Admin for Kuril islands
api | country | Admin for Liancourt Rocks
api | country | Admin for Navassa Island
api | country | Admin for Paracel Islands
api | country | Admin for Scarborough Reef
api | country | Admin for Senkaku Islands
api | country | Admin for Brunei Darussalam
api | country | Admin for Spratly Islands
api | country | Admin for Tromelin Island
api | country | Admin for Bulgaria
api | country | Admin for Burundi
api | country | Admin for United States
api | country | Admin for Cambodia
api | country | Admin for Cameroon
api | country | Admin for Canada
api | country | Admin for Cape Verde
api | country | Admin for Central African Republic
api | country | Admin for Chad
api | country | Admin for Chile
api | country | Admin for China
api | country | Admin for Colombia
api | country | Admin for Uruguay
api | country | Admin for Costa Rica
api | country | Admin for Croatia
api | country | Admin for Cuba
api | country | Admin for Czech Republic
api | country | Admin for Denmark
api | country | Admin for Djibouti
api | country | Admin for Dominica
api | country | Admin for Dominican Republic
api | country | Admin for Uzbekistan
api | country | Admin for Ecuador
api | country | Admin for Egypt, Arab Rep.
api | country | Admin for El Salvador
api | country | Admin for Equatorial Guinea
api | country | Admin for Estonia
api | country | Admin for Ethiopia
api | country | Admin for Fiji
api | country | Admin for Finland
api | country | Admin for France
api | country | Admin for Gabon
api | country | Admin for Vanuatu
api | country | Admin for Gambia, The
api | country | Admin for Georgia
api | country | Admin for Germany
api | country | Admin for Ghana
api | country | Admin for Greece
api | country | Admin for Grenada
api | country | Admin for Guatemala
api | country | Admin for Guinea
api | country | Admin for Guyana
api | country | Admin for Venezuela, RB
api | country | Admin for Haiti
api | country | Admin for Honduras
api | country | Admin for Hungary
api | country | Admin for Iceland
api | country | Admin for India
api | country | Admin for Indonesia
api | country | Admin for Iraq
api | country | Admin for Ireland
api | country | Admin for Italy
api | country | Admin for Jamaica
api | country | Admin for Japan
api | country | Admin for Jordan
api | country | Admin for Kenya
api | country | Admin for Kiribati
api | country | Admin for Kuwait
api | country | Admin for Kyrgyz Republic
api | country | Admin for Lao PDR
api | country | Can delete country
api | country | IFRC Admin
api | country | PER Core Admin
api | country | PER Admin for Ukraine
api | country | PER Admin for Yemen
api | country | PER Admin for Latvia
api | country | PER Admin for Lebanon
api | country | PER Admin for Lesotho
api | country | PER Admin for Liberia
api | country | PER Admin for Liechtenstein
api | country | PER Admin for Lithuania
api | country | PER Admin for Luxembourg
api | country | PER Admin for North Macedonia, Republic of
api | country | PER Admin for Madagascar
api | country | PER Admin for Serbia and Montenegro
api | country | PER Admin for Malawi
api | country | PER Admin for Malaysia
api | country | PER Admin for Mali
api | country | PER Admin for Malta
api | country | PER Admin for Mauritania
api | country | PER Admin for Mauritius
api | country | PER Admin for Mexico
api | country | PER Admin for Monaco
api | country | PER Admin for Morocco
api | country | PER Admin for Zambia
api | country | PER Admin for Mozambique
api | country | PER Admin for Myanmar
api | country | PER Admin for Namibia
api | country | PER Admin for Nepal
api | country | PER Admin for Netherlands
api | country | PER Admin for New Zealand
api | country | PER Admin for Nicaragua
api | country | PER Admin for Niger
api | country | PER Admin for Nigeria
api | country | PER Admin for Norway
api | country | PER Admin for Zimbabwe
api | country | PER Admin for Palau
api | country | PER Admin for Pakistan
api | country | PER Admin for Panama
api | country | PER Admin for Papua New Guinea
api | country | PER Admin for Paraguay
api | country | PER Admin for Peru
api | country | PER Admin for Philippines
api | country | PER Admin for Portugal
api | country | PER Admin for Qatar
api | country | PER Admin for Afghanistan
api | country | PER Admin for Romania
api | country | PER Admin for Russian Federation
api | country | PER Admin for Rwanda
api | country | PER Admin for Samoa
api | country | PER Admin for Saudi Arabia
api | country | PER Admin for Albania
api | country | PER Admin for Senegal
api | country | PER Admin for Seychelles
api | country | PER Admin for Sierra Leone
api | country | PER Admin for Singapore
api | country | PER Admin for Slovakia
api | country | PER Admin for Slovenia
api | country | PER Admin for Solomon Islands
api | country | PER Admin for Somalia
api | country | PER Admin for South Africa
api | country | PER Admin for Spain
api | country | PER Admin for Algeria
api | country | PER Admin for Sri Lanka
api | country | PER Admin for Sudan
api | country | PER Admin for Eswatini
api | country | PER Admin for Sweden
api | country | PER Admin for Switzerland
api | country | PER Admin for Tajikistan
api | country | PER Admin for Thailand
api | country | PER Admin for Andorra
api | country | PER Admin for Togo
api | country | PER Admin for Tonga
api | country | PER Admin for Trinidad and Tobago
api | country | PER Admin for Tunisia
api | country | PER Admin for Turkey
api | country | PER Admin for Turkmenistan
api | country | PER Admin for Uganda
api | country | PER Admin for St. Kitts and Nevis
api | country | PER Admin for St. Lucia
api | country | PER Admin for St. Vincent and the Grenadines
api | country | PER Admin for Angola
api | country | PER Admin for Suriname
api | country | PER Admin for Burkina Faso
api | country | PER Admin for Côte d'Ivoire
api | country | PER Admin for Guinea-Bissau
api | country | PER Admin for Congo, Rep.
api | country | PER Admin for Sao Tomé and Principe
api | country | PER Admin for Comoros
api | country | PER Admin for Congo, Dem. Rep.
api | country | PER Admin for Eritrea
api | country | PER Admin for Tanzania, United Republic of
api | country | PER Admin for Antigua and Barbuda
api | country | PER Admin for Viet Nam
api | country | PER Admin for Republic of Korea
api | country | PER Admin for Democratic People's Republic of Korea
api | country | PER Admin for Mongolia
api | country | PER Admin for Micronesia, Federated States of
api | country | PER Admin for Bosnia and Herzegovina
api | country | PER Admin for Poland
api | country | PER Admin for United Arab Emirates
api | country | PER Admin for Argentina
api | country | PER Admin for Azerbaijan
api | country | PER Admin for Kazakhstan
api | country | PER Admin for Moldova
api | country | PER Admin for Iran, Islamic Republic of
api | country | PER Admin for Libya
api | country | PER Admin for Palestine
api | country | PER Admin for Syrian Arab Republic
api | country | PER Admin for Benin
api | country | PER Admin for Armenia
api | country | PER Admin for Timor-Leste
api | country | PER Admin for Cook Islands
api | country | PER Admin for Marshall Islands
api | country | PER Admin for Tuvalu
api | country | PER Admin for Anguilla
api | country | PER Admin for Australia
api | country | PER Admin for Israel
api | country | PER Admin for Maldives
api | country | PER Admin for Cyprus
api | country | PER Admin for Austria
api | country | PER Admin for Antarctica
api | country | PER Admin for Aruba
api | country | PER Admin for Bermuda
api | country | PER Admin for Bhutan
api | country | PER Admin for Gibraltar
api | country | PER Admin for Bahamas, The
api | country | PER Admin for Midway Island
api | country | PER Admin for Nauru
api | country | PER Admin for Niue
api | country | PER Admin for Pitcairn
api | country | PER Admin for Oman
api | country | PER Admin for Bahrain
api | country | PER Admin for San Marino, Republic of
api | country | PER Admin for Saint Helena
api | country | PER Admin for Western Sahara
api | country | PER Admin for Bangladesh
api | country | PER Admin for Montenegro
api | country | PER Admin for Serbia
api | country | PER Admin for Holy See (Vatican City State)
api | country | PER Admin for Macao
api | country | PER Admin for Barbados
api | country | PER Admin for Americas Region
api | country | PER Admin for Asia-Pacific Region
api | country | PER Admin for Africa Region
api | country | PER Admin for Europe Region
api | country | PER Admin for MENA Region
api | country | PER Admin for IFRC
api | country | PER Admin for Belarus
api | country | PER Admin for South Sudan, Rep. Of
api | country | PER Admin for Southern Africa Country Cluster
api | country | PER Admin for Central Africa Country Cluster
api | country | PER Admin for Eastern Africa and Indian Ocean Islands Country Cluster
api | country | PER Admin for Western Africa Country Cluster
api | country | PER Admin for The Sahel Country Cluster
api | country | PER Admin for Tunis Country Cluster
api | country | PER Admin for Dubai Country Cluster
api | country | PER Admin for Beijing Country Cluster
api | country | PER Admin for Southern Asia Country Cluster
api | country | PER Admin for United Kingdom
api | country | PER Admin for Belgium
api | country | PER Admin for Bangkok Country Cluster
api | country | PER Admin for Jakarta Country Cluster
api | country | PER Admin for Suva Country Cluster
api | country | PER Admin for South Cone and Brazil Country Cluster
api | country | PER Admin for Andean Country Cluster
api | country | PER Admin for English Speaking Caribbean Country Cluster
api | country | PER Admin for Latin Caribbean Country Cluster
api | country | PER Admin for Tegucigalpa Country Cluster
api | country | PER Admin for Guatemala City Country Cluster
api | country | PER Admin for Central and South-Eastern Europe Country Cluster
api | country | PER Admin for Belize
api | country | PER Admin for Central Asia Country Cluster
api | country | PER Admin for Russia, Belarus and Moldova Country Cluster
api | country | PER Admin for South Caucasus Country Cluster
api | country | PER Admin for Benelux
api | country | PER Admin for Bolivia
api | country | PER Admin for Botswana
api | country | PER Admin for Brazil
api | country | PER Admin for Brunei Darussalam
api | country | PER Admin for Bulgaria
api | country | PER Admin for Burundi
api | country | PER Admin for United States
api | country | PER Admin for Cambodia
api | country | PER Admin for Cameroon
api | country | PER Admin for Canada
api | country | PER Admin for Cape Verde
api | country | PER Admin for Central African Republic
api | country | PER Admin for Chad
api | country | PER Admin for Chile
api | country | PER Admin for China
api | country | PER Admin for Colombia
api | country | PER Admin for Uruguay
api | country | PER Admin for Costa Rica
api | country | PER Admin for Croatia
api | country | PER Admin for Cuba
api | country | PER Admin for Czech Republic
api | country | PER Admin for Denmark
api | country | PER Admin for Djibouti
api | country | PER Admin for Dominica
api | country | PER Admin for Dominican Republic
api | country | PER Admin for Uzbekistan
api | country | PER Admin for Ecuador
api | country | PER Admin for Egypt, Arab Rep.
api | country | PER Admin for El Salvador
api | country | PER Admin for Equatorial Guinea
api | country | PER Admin for Estonia
api | country | PER Admin for Ethiopia
api | country | PER Admin for Fiji
api | country | PER Admin for Finland
api | country | PER Admin for France
api | country | PER Admin for Gabon
api | country | PER Admin for Vanuatu
api | country | PER Admin for Gambia, The
api | country | PER Admin for Georgia
api | country | PER Admin for Germany
api | country | PER Admin for Ghana
api | country | PER Admin for Greece
api | country | PER Admin for Grenada
api | country | PER Admin for Guatemala
api | country | PER Admin for Guinea
api | country | PER Admin for Guyana
api | country | PER Admin for Venezuela
api | country | PER Admin for Haiti
api | country | PER Admin for Honduras
api | country | PER Admin for Hungary
api | country | PER Admin for Iceland
api | country | PER Admin for India
api | country | PER Admin for Indonesia
api | country | PER Admin for Iraq
api | country | PER Admin for Ireland
api | country | PER Admin for Italy
api | country | PER Admin for Jamaica
api | country | PER Admin for Japan
api | country | PER Admin for Jordan
api | country | PER Admin for Kenya
api | country | PER Admin for Kiribati
api | country | PER Admin for Kuwait
api | country | PER Admin for Kyrgyzstan
api | country | PER Admin for Lao People's Democratic Republic
api | country | Can view country
api | country contact | Can add country contact
api | country contact | Can change country contact
api | country contact | Can delete country contact
api | country contact | Can view country contact
api | country geoms | Can add country geoms
api | country geoms | Can change country geoms
api | country geoms | Can delete country geoms
api | country geoms | Can view country geoms
api | country key figure | Can add country key figure
api | country key figure | Can change country key figure
api | country key figure | Can delete country key figure
api | country key figure | Can view country key figure
api | country link | Can add country link
api | country link | Can change country link
api | country link | Can delete country link
api | country link | Can view country link
api | Country of Field Report to review | Can add Country of Field Report to review
api | Country of Field Report to review | Can change Country of Field Report to review
api | Country of Field Report to review | Can delete Country of Field Report to review
api | Country of Field Report to review | Can view Country of Field Report to review
api | country snippet | Can add country snippet
api | country snippet | Can change country snippet
api | country snippet | Can delete country snippet
api | country snippet | Can view country snippet
api | cronjob log record | Can add Cronjob log record
api | cronjob log record | Can change Cronjob log record
api | cronjob log record | Can delete Cronjob log record
api | cronjob log record | Can view Cronjob log record
api | disaster type | Can add disaster type
api | disaster type | Can change disaster type
api | disaster type | Can delete disaster type
api | disaster type | Can view disaster type
api | district | Can add district
api | district | Can change district
api | district | Can delete district
api | district | Can view district
api | district geoms | Can add district geoms
api | district geoms | Can change district geoms
api | district geoms | Can delete district geoms
api | district geoms | Can view district geoms
api | emergency operations dataset | Can add Emergency Operations Dataset
api | emergency operations dataset | Can change Emergency Operations Dataset
api | emergency operations dataset | Can delete Emergency Operations Dataset
api | emergency operations dataset | Can view Emergency Operations Dataset
api | emergency operations emergency appeal | Can add Emergency Operations Emergency Appeal
api | emergency operations emergency appeal | Can change Emergency Operations Emergency Appeal
api | emergency operations emergency appeal | Can delete Emergency Operations Emergency Appeal
api | emergency operations emergency appeal | Can view Emergency Operations Emergency Appeal
api | emergency operations final report | Can add Emergency Operations Final Report
api | emergency operations final report | Can change Emergency Operations Final Report
api | emergency operations final report | Can delete Emergency Operations Final Report
api | emergency operations final report | Can view Emergency Operations Final Report
api | emergency operations people reached | Can add Emergency Operations People Reached
api | emergency operations people reached | Can change Emergency Operations People Reached
api | emergency operations people reached | Can delete Emergency Operations People Reached
api | emergency operations people reached | Can view Emergency Operations People Reached
api | erpguid | Can add erpguid
api | erpguid | Can change erpguid
api | erpguid | Can delete erpguid
api | erpguid | Can view erpguid
api | emergency | Can add Emergency
api | emergency | Can change Emergency
api | emergency | Can delete Emergency
api | emergency | Can view Emergency
api | event contact | Can add event contact
api | event contact | Can change event contact
api | event contact | Can delete event contact
api | event contact | Can view event contact
api | event featured document | Can add event featured document
api | event featured document | Can change event featured document
api | event featured document | Can delete event featured document
api | event featured document | Can view event featured document
api | event link | Can add event link
api | event link | Can change event link
api | event link | Can delete event link
api | event link | Can view event link
api | export | Can add export
api | export | Can change export
api | export | Can delete export
api | export | Can view export
api | external partner | Can add external partner
api | external partner | Can change external partner
api | external partner | Can delete external partner
api | external partner | Can view external partner
api | field report | Can add field report
api | field report | Can change field report
api | field report | Can delete field report
api | field report | Can view field report
api | field report contacts | Can add field report contact
api | field report contacts | Can change field report contact
api | field report contacts | Can delete field report contact
api | field report contacts | Can view field report contact
api | gdacs event | Can add gdacs event
api | gdacs event | Can change gdacs event
api | gdacs event | Can delete gdacs event
api | gdacs event | Can view gdacs event
api | gec code | Can add gec code
api | gec code | Can change gec code
api | gec code | Can delete gec code
api | gec code | Can view gec code
api | general document | Can add general document
api | general document | Can change general document
api | general document | Can delete general document
api | general document | Can view general document
api | key figure | Can add key figure
api | key figure | Can change key figure
api | key figure | Can delete key figure
api | key figure | Can view key figure
api | main contact | Can add main contact
api | main contact | Can change main contact
api | main contact | Can delete main contact
api | main contact | Can view main contact
api | user profile | Can add User profile
api | user profile | Can change User profile
api | user profile | Can delete User profile
api | user profile | Can view User profile
api | region | Can add region
api | region | Can change region
api | region | Can delete region
api | region | Dref Admin for 1
api | region | Dref Admin for 2
api | region | Dref Admin for 3
api | region | Dref Admin for 4
api | region | PER Admin for Africa
api | region | PER Admin for Americas
api | region | PER Admin for Asia Pacific
api | region | PER Admin for Europe
api | region | PER Admin for Mena
api | region | Admin for Africa
api | region | Admin for Americas
api | region | Admin for Asia Pacific
api | region | Admin for Europe
api | region | Admin for Mena
api | region | Can view region
api | region contact | Can add region contact
api | region contact | Can change region contact
api | region contact | Can delete region contact
api | region contact | Can view region contact
api | region emergencies snippet | Can add region emergencies snippet
api | region emergencies snippet | Can change region emergencies snippet
api | region emergencies snippet | Can delete region emergencies snippet
api | region emergencies snippet | Can view region emergencies snippet
api | region key figure | Can add region key figure
api | region key figure | Can change region key figure
api | region key figure | Can delete region key figure
api | region key figure | Can view region key figure
api | region link | Can add region link
api | region link | Can change region link
api | region link | Can delete region link
api | region link | Can view region link
api | region preparedness snippet | Can add region preparedness snippet
api | region preparedness snippet | Can change region preparedness snippet
api | region preparedness snippet | Can delete region preparedness snippet
api | region preparedness snippet | Can view region preparedness snippet
api | region profile snippet | Can add region profile snippet
api | region profile snippet | Can change region profile snippet
api | region profile snippet | Can delete region profile snippet
api | region profile snippet | Can view region profile snippet
api | region snippet | Can add region snippet
api | region snippet | Can change region snippet
api | region snippet | Can delete region snippet
api | region snippet | Can view region snippet
api | reversion difference log | Can add reversion difference log
api | reversion difference log | Can change reversion difference log
api | reversion difference log | Can delete reversion difference log
api | reversion difference log | Can view reversion difference log
api | situation report | Can add situation report
api | situation report | Can change situation report
api | situation report | Can delete situation report
api | situation report | Can view situation report
api | situation report type | Can add situation report type
api | situation report type | Can change situation report type
api | situation report type | Can delete situation report type
api | situation report type | Can view situation report type
api | snippet | Can add snippet
api | snippet | Can change snippet
api | snippet | Can delete snippet
api | snippet | Can view snippet
api | source | Can add source
api | source | Can change source
api | source | Can delete source
api | source | Can view source
api | source type | Can add source type
api | source type | Can change source type
api | source type | Can delete source type
api | source type | Can view source type
api | supported activity | Can add supported activity
api | supported activity | Can change supported activity
api | supported activity | Can delete supported activity
api | supported activity | Can view supported activity
api | User Country | Can add User Country
api | User Country | Can change User Country
api | User Country | Can delete User Country
api | User Country | Can view User Country
api | Regional Admin | Can add Regional Admin
api | Regional Admin | Can change Regional Admin
api | Regional Admin | Can delete Regional Admin
api | Regional Admin | Can view Regional Admin
auth | group | Can add group
auth | group | Can change group
auth | group | Can delete group
auth | group | Can view group
auth | permission | Can add permission
auth | permission | Can change permission
auth | permission | Can delete permission
auth | permission | Can view permission
auth | user | Can add user
auth | user | Can change user
auth | user | Can delete user
auth | user | Can view user
authtoken | Token | Can add Token
authtoken | Token | Can change Token
authtoken | Token | Can delete Token
authtoken | Token | Can view Token
contenttypes | content type | Can add content type
contenttypes | content type | Can change content type
contenttypes | content type | Can delete content type
contenttypes | content type | Can view content type
country_plan | country plan | Can add country plan
country_plan | country plan | Can change country plan
country_plan | country plan | Can delete country plan
country_plan | country plan | Can view country plan
country_plan | data import | Can add data import
country_plan | data import | Can change data import
country_plan | data import | Can delete data import
country_plan | data import | Can view data import
country_plan | membership coordination | Can add membership coordination
country_plan | membership coordination | Can change membership coordination
country_plan | membership coordination | Can delete membership coordination
country_plan | membership coordination | Can view membership coordination
country_plan | strategic priority | Can add strategic priority
country_plan | strategic priority | Can change strategic priority
country_plan | strategic priority | Can delete strategic priority
country_plan | strategic priority | Can view strategic priority
databank | country overview | Can add country overview
databank | country overview | Can change country overview
databank | country overview | Can delete country overview
databank | country overview | Can view country overview
databank | external source | Can add external source
databank | external source | Can change external source
databank | external source | Can delete external source
databank | external source | Can view external source
databank | Key Client Event | Can add key climate event
databank | Key Client Event | Can change key climate event
databank | Key Client Event | Can delete key climate event
databank | Key Client Event | Can view key climate event
databank | key document | Can add key document
databank | key document | Can change key document
databank | key document | Can delete key document
databank | key document | Can view key document
databank | key document group | Can add key document group
databank | key document group | Can change key document group
databank | key document group | Can delete key document group
databank | key document group | Can view key document group
databank | Seasonal Calender Record | Can add seasonal calender
databank | Seasonal Calender Record | Can change seasonal calender
databank | Seasonal Calender Record | Can delete seasonal calender
databank | Seasonal Calender Record | Can view seasonal calender
databank | Social Event | Can add social event
databank | Social Event | Can change social event
databank | Social Event | Can delete social event
databank | Social Event | Can view social event
deployments | Annual Split | Can add Annual Split
deployments | Annual Split | Can change Annual Split
deployments | Annual Split | Can delete Annual Split
deployments | Annual Split | Can view Annual Split
deployments | Deployed Person | Can add deployed person
deployments | Deployed Person | Can change deployed person
deployments | Deployed Person | Can delete deployed person
deployments | Deployed Person | Can view deployed person
deployments | emergency project | Can add emergency project
deployments | emergency project | Can change emergency project
deployments | emergency project | Can delete emergency project
deployments | emergency project | Can view emergency project
deployments | emergency project activity | Can add emergency project activity
deployments | emergency project activity | Can change emergency project activity
deployments | emergency project activity | Can delete emergency project activity
deployments | emergency project activity | Can view emergency project activity
deployments | emergency project activity action | Can add emergency project activity action
deployments | emergency project activity action | Can change emergency project activity action
deployments | emergency project activity action | Can delete emergency project activity action
deployments | emergency project activity action | Can view emergency project activity action
deployments | emergency project activity action supply | Can add emergency project activity action supply
deployments | emergency project activity action supply | Can change emergency project activity action supply
deployments | emergency project activity action supply | Can delete emergency project activity action supply
deployments | emergency project activity action supply | Can view emergency project activity action supply
deployments | emergency project activity location | Can add emergency project activity location
deployments | emergency project activity location | Can change emergency project activity location
deployments | emergency project activity location | Can delete emergency project activity location
deployments | emergency project activity location | Can view emergency project activity location
deployments | emergency project activity sector | Can add emergency project activity sector
deployments | emergency project activity sector | Can change emergency project activity sector
deployments | emergency project activity sector | Can delete emergency project activity sector
deployments | emergency project activity sector | Can view emergency project activity sector
deployments | Emergency Response Unit | Can add eru
deployments | Emergency Response Unit | Can change eru
deployments | Emergency Response Unit | Can delete eru
deployments | Emergency Response Unit | Can view eru
deployments | ERUs from a National Society | Can add ERUs from a National Society
deployments | ERUs from a National Society | Can change ERUs from a National Society
deployments | ERUs from a National Society | Can delete ERUs from a National Society
deployments | ERUs from a National Society | Can view ERUs from a National Society
deployments | ERU Readiness | Can add ERU Readiness
deployments | ERU Readiness | Can change ERU Readiness
deployments | ERU Readiness | Can delete ERU Readiness
deployments | ERU Readiness | Can view ERU Readiness
deployments | FACT | Can add FACT
deployments | FACT | Can change FACT
deployments | FACT | Can delete FACT
deployments | FACT | Can view FACT
deployments | FACT Person | Can add FACT Person
deployments | FACT Person | Can change FACT Person
deployments | FACT Person | Can delete FACT Person
deployments | FACT Person | Can view FACT Person
deployments | HeOp | Can add HeOp
deployments | HeOp | Can change HeOp
deployments | HeOp | Can delete HeOp
deployments | HeOp | Can view HeOp
deployments | molnix tag | Can add molnix tag
deployments | molnix tag | Can change molnix tag
deployments | molnix tag | Can delete molnix tag
deployments | molnix tag | Can view molnix tag
deployments | Molnix Tag Group | Can add Molnix Tag Group
deployments | Molnix Tag Group | Can change Molnix Tag Group
deployments | Molnix Tag Group | Can delete Molnix Tag Group
deployments | Molnix Tag Group | Can view Molnix Tag Group
deployments | Partner society activity | Can add partner society activities
deployments | Partner society activity | Can change partner society activities
deployments | Partner society activity | Can delete partner society activities
deployments | Partner society activity | Can view Partner society activity
deployments | Partner Society Deployment | Can add partner society deployment
deployments | Partner Society Deployment | Can change partner society deployment
deployments | Partner Society Deployment | Can delete partner society deployment
deployments | Partner Society Deployment | Can view partner society deployment
deployments | Personnel | Can add personnel
deployments | Personnel | Can change personnel
deployments | Personnel | Can delete personnel
deployments | Personnel | Can view personnel
deployments | Personnel Deployment | Can add personnel deployment
deployments | Personnel Deployment | Can change personnel deployment
deployments | Personnel Deployment | Can delete personnel deployment
deployments | Personnel Deployment | Can view personnel deployment
deployments | Project | Can add project
deployments | Project | Can change project
deployments | Project | Can delete project
deployments | Project | Can view project
deployments | Project Import | Can add project import
deployments | Project Import | Can change project import
deployments | Project Import | Can delete project import
deployments | Project Import | Can view project import
deployments | RDRT/RIT | Can add RDRT/RIT
deployments | RDRT/RIT | Can change RDRT/RIT
deployments | RDRT/RIT | Can delete RDRT/RIT
deployments | RDRT/RIT | Can view RDRT/RIT
deployments | RDRT/RIT Person | Can add RDRT/RIT Person
deployments | RDRT/RIT Person | Can change RDRT/RIT Person
deployments | RDRT/RIT Person | Can delete RDRT/RIT Person
deployments | RDRT/RIT Person | Can view RDRT/RIT Person
deployments | Regional Project | Can add regional project
deployments | Regional Project | Can change regional project
deployments | Regional Project | Can delete regional project
deployments | Regional Project | Can view regional project
deployments | Project Sector | Can add Project Sector
deployments | Project Sector | Can change Project Sector
deployments | Project Sector | Can delete Project Sector
deployments | Project Sector | Can view Project Sector
deployments | Project Sector Tag | Can add Project Sector Tag
deployments | Project Sector Tag | Can change Project Sector Tag
deployments | Project Sector Tag | Can delete Project Sector Tag
deployments | Project Sector Tag | Can view Project Sector Tag
clockedschedule | Can add clocked
clockedschedule | Can change clocked
clockedschedule | Can delete clocked
clockedschedule | Can view clocked
crontabschedule | Can add crontab
crontabschedule | Can change crontab
crontabschedule | Can delete crontab
crontabschedule | Can view crontab
intervalschedule | Can add interval
intervalschedule | Can change interval
intervalschedule | Can delete interval
intervalschedule | Can view interval
periodictask | Can add periodic task
periodictask | Can change periodic task
periodictask | Can delete periodic task
periodictask | Can view periodic task
periodictasks | Can add periodic tasks
periodictasks | Can change periodic tasks
periodictasks | Can delete periodic tasks
periodictasks | Can view periodic tasks
solarschedule | Can add solar event
solarschedule | Can change solar event
solarschedule | Can delete solar event
solarschedule | Can view solar event
dref | dref | Can add dref
dref | dref | Can change dref
dref | dref | Can delete dref
dref | dref | Can view dref
drefcountrydistrict | Can add dref country district
drefcountrydistrict | Can change dref country district
drefcountrydistrict | Can delete dref country district
drefcountrydistrict | Can view dref country district
dref | dref file | Can add dref file
dref | dref file | Can change dref file
dref | dref file | Can delete dref file
dref | dref file | Can view dref file
dreffileupload | Can add dref file upload
dreffileupload | Can change dref file upload
dreffileupload | Can delete dref file upload
dreffileupload | Can view dref file upload
dref | Dref Final Report | Can add dref final report
dref | Dref Final Report | Can change dref final report
dref | Dref Final Report | Can delete dref final report
dref | Dref Final Report | Can view dref final report
dreffinalreportcountrydistrict | Can add dref final report country district
dreffinalreportcountrydistrict | Can change dref final report country district
dreffinalreportcountrydistrict | Can delete dref final report country district
dreffinalreportcountrydistrict | Can view dref final report country district
dref | Dref Operational Update | Can add Dref Operational Update
dref | Dref Operational Update | Can change Dref Operational Update
dref | Dref Operational Update | Can delete Dref Operational Update
dref | Dref Operational Update | Can view Dref Operational Update
drefoperationalupdatecountrydistrict | Can add dref operational update country district
drefoperationalupdatecountrydistrict | Can change dref operational update country district
drefoperationalupdatecountrydistrict | Can delete dref operational update country district
drefoperationalupdatecountrydistrict | Can view dref operational update country district
dref | identified need | Can add identified need
dref | identified need | Can change identified need
dref | identified need | Can delete identified need
dref | identified need | Can view identified need
dref | national society action | Can add national society action
dref | national society action | Can change national society action
dref | national society action | Can delete national society action
dref | national society action | Can view national society action
dref | planned intervention | Can add planned intervention
dref | planned intervention | Can change planned intervention
dref | planned intervention | Can delete planned intervention
dref | planned intervention | Can view planned intervention
dref | planned intervention indicator | Can add planned intervention indicator
dref | planned intervention indicator | Can change planned intervention indicator
dref | planned intervention indicator | Can delete planned intervention indicator
dref | planned intervention indicator | Can view planned intervention indicator
dref | risk security | Can add risk security
dref | risk security | Can change risk security
dref | risk security | Can delete risk security
dref | risk security | Can view risk security
dref | source information | Can add source information
dref | source information | Can change source information
dref | source information | Can delete source information
dref | source information | Can view source information
eap | Action | Can add Action
eap | Action | Can change Action
eap | Action | Can delete Action
eap | Action | Can view Action
eap | Early Action Protocol | Can add Early Action Protocol
eap | Early Action Protocol | Can change Early Action Protocol
eap | Early Action Protocol | Can delete Early Action Protocol
eap | Early Action Protocol | Can view Early Action Protocol
eap | EAP Partner | Can add EAP Partner
eap | EAP Partner | Can change EAP Partner
eap | EAP Partner | Can delete EAP Partner
eap | EAP Partner | Can view EAP Partner
eap | EAP Reference | Can add EAP Reference
eap | EAP Reference | Can change EAP Reference
eap | EAP Reference | Can delete EAP Reference
eap | EAP Reference | Can view EAP Reference
eap | Early Action | Can add Early Action
eap | Early Action | Can change Early Action
eap | Early Action | Can delete Early Action
eap | Early Action | Can view Early Action
eap | Early Action Indicator | Can add Early Action Indicator
eap | Early Action Indicator | Can change Early Action Indicator
eap | Early Action Indicator | Can delete Early Action Indicator
eap | Early Action Indicator | Can view Early Action Indicator
flash_update | donor group | Can add donor group
flash_update | donor group | Can change donor group
flash_update | donor group | Can delete donor group
flash_update | donor group | Can view donor group
flash_update | donor | Can add donors
flash_update | donor | Can change donors
flash_update | donor | Can delete donors
flash_update | donor | Can view donors
flash_update | flash action | Can add flash action
flash_update | flash action | Can change flash action
flash_update | flash action | Can delete flash action
flash_update | flash action | Can view flash action
flash_update | actions taken flash | Can add actions taken flash
flash_update | actions taken flash | Can change actions taken flash
flash_update | actions taken flash | Can delete actions taken flash
flash_update | actions taken flash | Can view actions taken flash
flash_update | flash country district | Can add flash country district
flash_update | flash country district | Can change flash country district
flash_update | flash country district | Can delete flash country district
flash_update | flash country district | Can view flash country district
flash_update | flash email subscription | Can add flash email subscriptions
flash_update | flash email subscription | Can change flash email subscriptions
flash_update | flash email subscription | Can delete flash email subscriptions
flash_update | flash email subscription | Can view flash email subscriptions
flash_update | flash graphic map | Can add flash graphic map
flash_update | flash graphic map | Can change flash graphic map
flash_update | flash graphic map | Can delete flash graphic map
flash_update | flash graphic map | Can view flash graphic map
flash_update | flash reference | Can add flash reference
flash_update | flash reference | Can change flash reference
flash_update | flash reference | Can delete flash reference
flash_update | flash reference | Can view flash reference
flash_update | Flash update | Can add Flash update
flash_update | Flash update | Can change Flash update
flash_update | Flash update | Can delete Flash update
flash_update | Flash update | Can view Flash update
flash_update | flash update share | Can add flash update share
flash_update | flash update share | Can change flash update share
flash_update | flash update share | Can delete flash update share
flash_update | flash update share | Can view flash update share
guardian | group object permission | Can add group object permission
guardian | group object permission | Can change group object permission
guardian | group object permission | Can delete group object permission
guardian | group object permission | Can view group object permission
guardian | user object permission | Can add user object permission
guardian | user object permission | Can change user object permission
guardian | user object permission | Can delete user object permission
guardian | user object permission | Can view user object permission
lang | String | Can add String
lang | String | Can change String
lang | String | Can delete String
lang | String | Language (API Level Access)
lang | String | Language (API Level Access)
lang | String | Language (API Level Access)
lang | String | Language (API Level Access)
lang | String | Can view String
local_units | delegation office | Can add delegation office
local_units | delegation office | Can change delegation office
local_units | delegation office | Can delete delegation office
local_units | delegation office | Can view delegation office
local_units | delegation office type | Can add delegation office type
local_units | delegation office type | Can change delegation office type
local_units | delegation office type | Can delete delegation office type
local_units | delegation office type | Can view delegation office type
local_units | local unit | Can add local unit
local_units | local unit | Can change local unit
local_units | local unit | Can delete local unit
local_units | local unit | Can view local unit
local_units | local unit level | Can add local unit level
local_units | local unit level | Can change local unit level
local_units | local unit level | Can delete local unit level
local_units | local unit level | Can view local unit level
local_units | local unit type | Can add local unit type
local_units | local unit type | Can change local unit type
local_units | local unit type | Can delete local unit type
local_units | local unit type | Can view local unit type
notifications | notification guid | Can add notification guid
notifications | notification guid | Can change notification guid
notifications | notification guid | Can delete notification guid
notifications | notification guid | Can view notification guid
notifications | Subscription | Can add subscription
notifications | Subscription | Can change subscription
notifications | Subscription | Can delete subscription
notifications | Subscription | Can view subscription
notifications | Surge Alert | Can add surge alert
notifications | Surge Alert | Can change surge alert
notifications | Surge Alert | Can delete surge alert
notifications | Surge Alert | Can view surge alert
per | area response | Can add area response
per | area response | Can change area response
per | area response | Can delete area response
per | area response | Can view area response
per | PER Assessment Type | Can add PER Assessment Type
per | PER Assessment Type | Can change PER Assessment Type
per | PER Assessment Type | Can delete PER Assessment Type
per | PER Assessment Type | Can view PER Assessment Type
per | custom per work plan component | Can add custom per work plan component
per | custom per work plan component | Can change custom per work plan component
per | custom per work plan component | Can delete custom per work plan component
per | custom per work plan component | Can view custom per work plan component
draft | Can add Draft Form
draft | Can change Draft Form
draft | Can delete Draft Form
draft | Can view Draft Form
erureadiness | Can add ERU Readiness
erureadiness | Can change ERU Readiness
erureadiness | Can delete ERU Readiness
per | Form | Can add form
per | Form | Can change form
per | Form | Can delete form
per | Form | Can view Form
per | form answer | Can add form answer
per | form answer | Can change form answer
per | form answer | Can delete form answer
per | form answer | Can view form answer
per | form area | Can add form area
per | form area | Can change form area
per | form area | Can delete form area
per | form area | Can view form area
per | form component | Can add form component
per | form component | Can change form component
per | form component | Can delete form component
per | form component | Can view form component
per | form component question and answer | Can add form component question and answer
per | form component question and answer | Can change form component question and answer
per | form component question and answer | Can delete form component question and answer
per | form component question and answer | Can view form component question and answer
per | form component response | Can add form component response
per | form component response | Can change form component response
per | form component response | Can delete form component response
per | form component response | Can view form component response
per | Form Data | Can add Form Data
per | Form Data | Can change Form Data
per | Form Data | Can delete Form Data
per | Form Data | Can view Form Data
per | form prioritization | Can add form prioritization
per | form prioritization | Can change form prioritization
per | form prioritization | Can delete form prioritization
per | form prioritization | Can view form prioritization
per | form prioritization component | Can add form prioritization component
per | form prioritization component | Can change form prioritization component
per | form prioritization component | Can delete form prioritization component
per | form prioritization component | Can view form prioritization component
per | form question | Can add form question
per | form question | Can change form question
per | form question | Can delete form question
per | form question | Can view form question
per | PER Document | Can add PER Document
per | PER Document | Can change PER Document
per | PER Document | Can delete PER Document
per | PER Document | Can view PER Document
per | NS PER Process Phase | Can add NS PER Process Phase
per | NS PER Process Phase | Can change NS PER Process Phase
per | NS PER Process Phase | Can delete NS PER Process Phase
per | NS PER Process Phase | Can view NS PER Process Phase
per | Operational Learning | Can add Operational Learning
per | Operational Learning | Can change Operational Learning
per | Operational Learning | Can delete Operational Learning
per | Operational Learning | Can view Operational Learning
per | Organization type | Can add Organization type
per | Organization type | Can change Organization type
per | Organization type | Can delete Organization type
per | Organization type | Can view Organization type
per | PER General Overview | Can add PER General Overview
per | PER General Overview | Can change PER General Overview
per | PER General Overview | Can delete PER General Overview
per | PER General Overview | Can view PER General Overview
per | per assessment | Can add per assessment
per | per assessment | Can change per assessment
per | per assessment | Can delete per assessment
per | per assessment | Can view per assessment
per | per component rating | Can add per component rating
per | per component rating | Can change per component rating
per | per component rating | Can delete per component rating
per | per component rating | Can view per component rating
per | per file | Can add per file
per | per file | Can change per file
per | per file | Can delete per file
per | per file | Can view per file
per | per work plan | Can add per work plan
per | per work plan | Can change per work plan
per | per work plan | Can delete per work plan
per | per work plan | Can view per work plan
per | per work plan component | Can add per work plan component
per | per work plan component | Can change per work plan component
per | per work plan component | Can delete per work plan component
per | per work plan component | Can view per work plan component
per | PER Work Plan | Can add PER Work Plan
per | PER Work Plan | Can change PER Work Plan
per | PER Work Plan | Can delete PER Work Plan
per | PER Work Plan | Can view PER Work Plan
registrations | Domain Whitelist | Can add domain whitelist
registrations | Domain Whitelist | Can change domain whitelist
registrations | Domain Whitelist | Can delete domain whitelist
registrations | Domain Whitelist | Can view domain whitelist
registrations | Pending user | Can add Pending user
registrations | Pending user | Can change Pending user
registrations | Pending user | Can delete Pending user
registrations | Pending user | Can view Pending user
registrations | Recovery | Can add recovery
registrations | Recovery | Can change recovery
registrations | Recovery | Can delete recovery
registrations | Recovery | Can view recovery
reversion | revision | Can add revision
reversion | revision | Can change revision
reversion | revision | Can delete revision
reversion | revision | Can view revision
reversion | version | Can add version
reversion | version | Can change version
reversion | version | Can delete version
reversion | version | Can view version
sessions | session | Can add session
sessions | session | Can change session
sessions | session | Can delete session
sessions | session | Can view session
apiaccess | Can add api access
apiaccess | Can change api access
apiaccess | Can delete api access
apiaccess | Can view api access
apikey | Can add api key
apikey | Can change api key
apikey | Can delete api key
apikey | Can view api key
api | region | Dref Admin for 0

Permission Groups

The available permission are listed below:

List of permission groups extracted from IFRC Go production (2024-04-10)

0 Dref Regional Admins
0 Regional Admins
1 Dref Regional Admins
1 Regional Admins
2 Dref Regional Admins
2 Regional Admins
3 Dref Regional Admins
3 Regional Admins
4 Dref Regional Admins
4 Regional Admins
Afghanistan Admins
Afghanistan Country PER Admins
Africa Region Admins
Africa Regional Admins
Africa Regional PER Admins
Aksai Chin Admins
Aland Island Admins
Albania Admins
Albania Country PER Admins
Algeria Admins
Algeria Country PER Admins
American Samoa Admins
Americas Region Admins
Americas Regional Admins
Americas Regional PER Admins
Andean Country Cluster Country PER Admins
Andorra Admins
Andorra Country PER Admins
Angola Admins
Angola Country PER Admins
Anguilla Admins
Anguilla Country PER Admins
Antarctica Admins
Antarctica Country PER Admins
Antigua and Barbuda Admins
Antigua and Barbuda Country PER Admins
Argentina Admins
Argentina Country PER Admins
Armenia Admins
Armenia Country PER Admins
Aruba Admins
Aruba Country PER Admins
Ashmore and Cartier Islands Admins
Asia-Pacific Region Admins
Asia Pacific Regional Admins
Asia Pacific Regional PER Admins
Australia Admins
Australia Country PER Admins
Austria Admins
Austria Country PER Admins
Azerbaijan Admins
Azerbaijan Country PER Admins
Bahamas Admins
Bahamas, The Admins
Bahamas, The Country PER Admins
Bahrain Admins
Bahrain Country PER Admins
Baker Island Admins
Bangkok Country Cluster Admins
Bangkok Country Cluster Country PER Admins
Bangladesh Admins
Bangladesh Country PER Admins
Barbados Admins
Barbados Country PER Admins
Bassas da India Admins
Beijing Country Cluster Admins
Beijing Country Cluster Country PER Admins
Belarus Admins
Belarus Country PER Admins
Belgium Admins
Belgium Country PER Admins
Belize Admins
Belize Country PER Admins
Benelux Admins
Benelux Country PER Admins
Benin Admins
Benin Country PER Admins
Bermuda Admins
Bermuda Country PER Admins
Bhutan Admins
Bhutan Country PER Admins
Bird Island Admins
Bir Tawil Admins
Bolivia Admins
Bolivia Country PER Admins
Bosnia and Herzegovina Admins
Bosnia and Herzegovina Country PER Admins
Botswana Admins
Botswana Country PER Admins
Bouvet Island Admins
Brazil Admins
Brazil Country PER Admins
British Indian Ocean Territory Admins
British Indian Overseas Territories Admins
British Virgin Islands Admins
Brunei Darussalam Admins
Brunei Darussalam Country PER Admins
Bulgaria Admins
Bulgaria Country PER Admins
Burkina Faso Admins
Burkina Faso Country PER Admins
Burundi Admins
Burundi Country PER Admins
Cabo Verde Admins
Cambodia Admins
Cambodia Country PER Admins
Cameroon Admins
Cameroon Country PER Admins
Canada Admins
Canada Country PER Admins
Cape Verde Admins
Cape Verde Country PER Admins
Caribbean Country Cluster Admins
Cayman Islands Admins
Central Africa Country Cluster Admins
Central Africa Country Cluster Country PER Admins
Central African Republic Admins
Central African Republic Country PER Admins
Central America Country Cluster Admins
Central and South-Eastern Europe Country Cluster Admins
Central and South-Eastern Europe Country Cluster Country PER Admins
Central Asia Country Cluster Admins
Central Asia Country Cluster Country PER Admins
Chad Admins
Chad Country PER Admins
Chile Admins
Chile Country PER Admins
China Admins
China Country PER Admins
Christmas Island Admins
Christmas Island, Territory of Admins
Clipperton Island Admins
Cocos Islands, Territory of Admins
Cocos (Keeling) Islands Admins
Colombia Admins
Colombia Country PER Admins
Comoros Admins
Comoros Country PER Admins
Congo Admins
Congo, Dem. Rep. Admins
Congo, Dem. Rep. Country PER Admins
Congo, Rep. Admins
Congo, Rep. Country PER Admins
Cook Islands Admins
Cook Islands Country PER Admins
Costa Rica Admins
Costa Rica Country PER Admins
Côte d'Ivoire Admins
Côte d'Ivoire Country PER Admins
Croatia Admins
Croatia Country PER Admins
Cuba Admins
Cuba Country PER Admins
Cuba, Haiti and Dominican Republic Country Cluster Admins
Cyprus Admins
Cyprus Country PER Admins
Czech Republic Admins
Czech Republic Country PER Admins
Democratic People's Republic of Korea Admins
Democratic People's Republic of Korea Country PER Admins
Democratic Republic of Congo Admins
Denmark Admins
Denmark Country PER Admins
Djibouti Admins
Djibouti Country PER Admins
Dominica Admins
Dominica Country PER Admins
Dominican Republic Admins
Dominican Republic Country PER Admins
Dubai Country Cluster Admins
Dubai Country Cluster Country PER Admins
East Africa Country Cluster Admins
Eastern Africa and Indian Ocean Islands Country Cluster Admins
Eastern Africa and Indian Ocean Islands Country Cluster Country PER Admins
Ecuador Admins
Ecuador Country PER Admins
Egypt Admins
Egypt, Arab Rep. Admins
Egypt, Arab Rep. Country PER Admins
El Salvador Admins
El Salvador Country PER Admins
English Speaking Caribbean Country Cluster Country PER Admins
Equatorial Guinea Admins
Equatorial Guinea Country PER Admins
Eritrea Admins
Eritrea Country PER Admins
Estonia Admins
Estonia Country PER Admins
Eswatini Country PER Admins
Eswatini, Kingdom of Admins
Ethiopia Admins
Ethiopia Country PER Admins
Europa Island Admins
Europe Region Admins
Europe Regional Admins
Europe Regional PER Admins
Falkland Islands (Malvinas) Admins
Faroe Islands Admins
Fiji Admins
Fiji Country PER Admins
Finland Admins
Finland Country PER Admins
France Admins
France Country PER Admins
French Guiana Admins
French Polynesia Admins
French Southern and Antarctic Lands Admins
Gabon Admins
Gabon Country PER Admins
Gambia, Republic of The Admins
Gambia, The Admins
Gambia, The Country PER Admins
Georgia Admins
Georgia Country PER Admins
Germany Admins
Germany Country PER Admins
Ghana Admins
Ghana Country PER Admins
Gibraltar Admins
Gibraltar Country PER Admins
Glorioso Island Admins
Greece Admins
Greece Country PER Admins
Greenland Admins
Grenada Admins
Grenada Country PER Admins
Guadeloupe Admins
Guam Admins
Guatemala Admins
Guatemala City Country Cluster Admins
Guatemala City Country Cluster Country PER Admins
Guatemala Country PER Admins
Guernesey Admins
Guernsey Admins
Guinea Admins
Guinea-Bissau Admins
Guinea-Bissau Country PER Admins
Guinea Country PER Admins
Guyana Admins
Guyana Country PER Admins
Haiti Admins
Haiti Country PER Admins
Hala'ib triangle Admins
Heard I. & McDonald Is. Admins
Heard Island and McDonald Islands Admins
Holy See (Vatican City State) Admins
Holy See (Vatican City State) Country PER Admins
Honduras Admins
Honduras Country PER Admins
Hong Kong (China) Admins
Howland Island Admins
Hungary Admins
Hungary Country PER Admins
Iceland Admins
Iceland Country PER Admins
ICRC Admins
IFRC Admins
IFRC Country PER Admins
Ilemi triangle Admins
India Admins
India Country PER Admins
Indian Ocean Islands Country Cluster Admins
Indonesia Admins
Indonesia Country PER Admins
Iran, Islamic Rep. Admins
Iran, Islamic Republic of Admins
Iran, Islamic Republic of Country PER Admins
Iraq Admins
Iraq Country PER Admins
Ireland Admins
Ireland Country PER Admins
Isle of Man Admins
Israel Admins
Israel Country PER Admins
Italy Admins
Italy Country PER Admins
Jakarta Country Cluster Admins
Jakarta Country Cluster Country PER Admins
Jamaica Admins
Jamaica Country PER Admins
Japan Admins
Japan Country PER Admins
Jarvis Island Admins
Jersey Admins
Johnston Atoll Admins
Jordan Admins
Jordan Country PER Admins
Juan de Nova Island Admins
Kazakhstan Admins
Kazakhstan Country PER Admins
Kenya Admins
Kenya Country PER Admins
Kiribati Admins
Kiribati Country PER Admins
Korea, Dem. Rep. Admins
Korea, Rep. Admins
Kosovo Admins
Kuril islands Admins
Kuwait Admins
Kuwait Country PER Admins
Kyrgyz Republic Admins
Kyrgyzstan Admins
Kyrgyzstan Country PER Admins
Language maintainers (Admin Panel)
Lao PDR Admins
Lao People's Democratic Republic Admins
Lao People's Democratic Republic Country PER Admins
Latin Caribbean Country Cluster Country PER Admins
Latvia Admins
Latvia Country PER Admins
Lebanon Admins
Lebanon Country PER Admins
Lesotho Admins
Lesotho Country PER Admins
Liancourt Rocks Admins
Liberia Admins
Liberia Country PER Admins
Libya Admins
Libya Country PER Admins
Libyan Arab Jamahiriya Admins
Liechtenstein Admins
Liechtenstein Country PER Admins
Lithuania Admins
Lithuania Country PER Admins
Logistics MobTables
Luxembourg Admins
Luxembourg Country PER Admins
Macao Admins
Macao Country PER Admins
Macedonia, FYR Admins
Madagascar Admins
Madagascar Country PER Admins
Malawi Admins
Malawi Country PER Admins
Malaysia Admins
Malaysia Country PER Admins
Maldives Admins
Maldives Country PER Admins
Mali Admins
Mali Country PER Admins
Malta Admins
Malta Country PER Admins
Marshall Islands Admins
Marshall Islands Country PER Admins
Martinique Admins
Mauritania Admins
Mauritania Country PER Admins
Mauritius Admins
Mauritius Country PER Admins
Mayotte Admins
MENA Region Admins
Mena Regional Admins
Mena Regional PER Admins
Mexico Admins
Mexico Country PER Admins
Micronesia, Federated States of Admins
Micronesia, Federated States of Country PER Admins
Micronesia, Fed. Sts. Admins
Middle East & North Africa Regional Admins
Midway Island Admins
Midway Island Country PER Admins
Moldova Admins
Moldova Country PER Admins
Moldova, Republic of Admins
Monaco Admins
Monaco Country PER Admins
Mongolia Admins
Mongolia Country PER Admins
Montenegro Admins
Montenegro Country PER Admins
Montserrat Admins
Morocco Admins
Morocco Country PER Admins
Moscow Country Cluster Admins
Mozambique Admins
Mozambique Country PER Admins
Myanmar Admins
Myanmar Country PER Admins
Namibia Admins
Namibia Country PER Admins
Nauru Admins
Nauru Country PER Admins
Navassa Island Admins
Nepal Admins
Nepal Country PER Admins
Netherlands Admins
Netherlands Antilles Admins
Netherlands Country PER Admins
New Caledonia Admins
New Delhi Country Cluster Admins
New Zealand Admins
New Zealand Country PER Admins
Nicaragua Admins
Nicaragua Country PER Admins
Niger Admins
Niger Country PER Admins
Nigeria Admins
Nigeria Country PER Admins
Niue Admins
Niue Country PER Admins
Norfolk Island Admins
Norkolk Island Admins
North America and Mexico Country Cluster Admins
Northern Mariana Island Admins
Northern Mariana Islands Admins
North Macedonia Admins
North Macedonia, Republic of Country PER Admins
Norway Admins
Norway Country PER Admins
Oman Admins
Oman Country PER Admins
Pakistan Admins
Pakistan Country PER Admins
Palau Admins
Palau Country PER Admins
Palestine Admins
Palestine Country PER Admins
Palestinian territories Admins
Panama Admins
Panama Country PER Admins
Papua New Guinea Admins
Papua New Guinea Country PER Admins
Paracel Islands Admins
Paraguay Admins
Paraguay Country PER Admins
PER
PER Core Admins
Peru Admins
Peru Country PER Admins
Philippines Admins
Philippines Country PER Admins
Pitcairn Admins
Pitcairn Country PER Admins
Poland Admins
Poland Country PER Admins
Portugal Admins
Portugal Country PER Admins
Puerto Rico Admins
Qatar Admins
Qatar Country PER Admins
Read only
Regional IM Delegate for Africa
Regional IM Delegate for Americas
Regional IM Delegate for Asia-Pacific
Regional IM Delegate for Europe
Regional IM Delegate for MENA
Republic of Korea Admins
Republic of Korea Country PER Admins
Reunion Admins
Romania Admins
Romania Country PER Admins
Russia, Belarus and Moldova Country Cluster Country PER Admins
Russian Federation Admins
Russian Federation Country PER Admins
Rwanda Admins
Rwanda Country PER Admins
Sahel Country Cluster Admins
Saint Helena Admins
Saint Helena Country PER Admins
Saint Kitts and Nevis Admins
Saint Lucia Admins
Saint Vincent and the Grenadines Admins
Samoa Admins
Samoa Country PER Admins
San Marino Admins
San Marino, Republic of Admins
San Marino, Republic of Country PER Admins
Sao Tome and Principe Admins
Sao Tomé and Principe Admins
Sao Tomé and Principe Country PER Admins
Saudi Arabia Admins
Saudi Arabia Country PER Admins
Scarborough Reef Admins
Senegal Admins
Senegal Country PER Admins
Senkaku Islands Admins
Serbia Admins
Serbia and Montenegro Admins
Serbia and Montenegro Country PER Admins
Serbia Country PER Admins
Seychelles Admins
Seychelles Country PER Admins
Sierra Leone Admins
Sierra Leone Country PER Admins
Singapore Admins
Singapore Country PER Admins
Slovakia Admins
Slovakia Country PER Admins
Slovenia Admins
Slovenia Country PER Admins
Solomon Islands Admins
Solomon Islands Country PER Admins
Somalia Admins
Somalia Country PER Admins
South Africa Admins
South Africa Country PER Admins
South America Country Cluster Admins
South Caucasus Country Cluster Admins
South Caucasus Country Cluster Country PER Admins
South Cone and Brazil Country Cluster Country PER Admins
Southern Africa Country Cluster Admins
Southern Africa Country Cluster Country PER Admins
Southern Asia Country Cluster Country PER Admins
Southern Cone Country Cluster Admins
South Georgia and the South Sandwich Is. Admins
South Georgia and the South Sandwich Island Admins
South Sudan Admins
South Sudan, Rep. Of Admins
South Sudan, Rep. Of Country PER Admins
Spain Admins
Spain Country PER Admins
Spratly Islands Admins
Sri Lanka Admins
Sri Lanka Country PER Admins
St. Kitts and Nevis Admins
St. Kitts and Nevis Country PER Admins
St. Lucia Admins
St. Lucia Country PER Admins
St. Martin (French part) Admins
St. Pierre et Miquelon Admins
St. Vincent and the Grenadines Admins
St. Vincent and the Grenadines Country PER Admins
Sudan Admins
Sudan Country PER Admins
Surge IM
Surge Readiness for NS
Suriname Admins
Suriname Country PER Admins
Suva Country Cluster Admins
Suva Country Cluster Country PER Admins
Svalbard and Jan Mayen Admins
Swaziland Admins
Sweden Admins
Sweden Country PER Admins
Switzerland Admins
Switzerland Country PER Admins
Syrian Arab Republic Admins
Syrian Arab Republic Country PER Admins
Tajikistan Admins
Tajikistan Country PER Admins
Tanzania, United Republic of Admins
Tanzania, United Republic of Country PER Admins
Tegucigalpa Country Cluster Admins
Tegucigalpa Country Cluster Country PER Admins
Thailand Admins
Thailand Country PER Admins
The Sahel Country Cluster Country PER Admins
Timor-Leste Admins
Timor-Leste Country PER Admins
Togo Admins
Togo Country PER Admins
Tokelau Admins
Tonga Admins
Tonga Country PER Admins
Trinidad and Tobago Admins
Trinidad and Tobago Country PER Admins
Tromelin Island Admins
Tunis Country Cluster Admins
Tunis Country Cluster Country PER Admins
Tunisia Admins
Tunisia Country PER Admins
Turkey Admins
Turkey Country PER Admins
Türkiye Admins
Turkmenistan Admins
Turkmenistan Country PER Admins
Turks and Caicos islands Admins
Turks and Caicos Islands Admins
Tuvalu Admins
Tuvalu Country PER Admins
Uganda Admins
Uganda Country PER Admins
Ukraine Admins
Ukraine Country PER Admins
United Arab Emirates Admins
United Arab Emirates Country PER Admins
United Kingdom Admins
United Kingdom Country PER Admins
United States Admins
United States Country PER Admins
United States Minor Outlying Islands Admins
United States Virgin Islands Admins
Uruguay Admins
Uruguay Country PER Admins
Uzbekistan Admins
Uzbekistan Country PER Admins
Vanuatu Admins
Vanuatu Country PER Admins
Venezuela Admins
Venezuela Country PER Admins
Venezuela, RB Admins
Viet Nam Admins
Viet Nam Country PER Admins
Virgin Islands, British Admins
Virgin Islands, US Admins
Wake Island Admins
Wallis and Futuna Admins
West Coast Country Cluster Admins
Western Africa Country Cluster Country PER Admins
Western Sahara Admins
Western Sahara Country PER Admins
Yemen Admins
Yemen Country PER Admins
Yemen, Rep. Admins
Zambia Admins
Zambia Country PER Admins
Zimbabwe Admins
Zimbabwe Country PER Admins

These are not all the permissions groups used in the system

Shortcomings

Admin Panel Access

Admin Panel by-passes all the guards in-place that ensures data integrity.

Permission can also be updated directly resulting in unexpected results.

Users can be removed/added to groups.
Permissions can be assigned/revoked from groups. This can result in out-of-sync permission with the permissions defined in the codebase

Permissions and groups are not discoverable

The internal implementations of a permission system should not be exposed to the user. We currently have 608 permission groups in Django Admin Panel which is not even close with the user roles discussed above.

These followings queries cannot be easily answered from the UI provided by the current permission system:

What are the permissions of this person?
Which users have this permission?
What are the permissions of this group?
Which users are added to this group?

Inconsistent implementation of roles and permissions

Permission should be granular.

Permissions should be define a certain action or access. For example,

dref | Dref Final Report | Can add dref final report

Here, the permission is clear, concise and self descriptive. It describes one single action.

We should avoid permission that defines multiple action or unclear action. For example,

api | country | PER Admin for Nepal

Here, we do not know what underlying actions a PER Admin for Nepal can perform. Or, what sort of actions are applicable with this permision. This defines more of a "role" than a "permission".

Permission should not be coupled with a particular entity (e.g. Country or Region)

We should not have permissions like DREF Admin for Africa since it is coupled with an entity (i.e. Africa Region).

The same permission group but for different countries should not have different permissions

Since we're creating a separate permission for each country (or region), it is possible to have different privileges on same type of permissions.
E.g. We cannot be sure that Nepal Country Admin will have similar level of privileges to Afghanistan Country Admin

Suggestions

Separate out Roles and Permissions

A Permission should be a well defined action/access
A Role should be a set of Permissions

Implement an abstraction layer over Django's built-in permission system

We should add a layer of abstraction to extend the application of permissions to our need in the GO.

We can group the existing roles into the following:

System Roles

User	Role
Daniel Tovari	IFRC Admin
John Doe	Member
...

We can filter out the above table by user, role

Country Roles

User	Role	Country
Anibal Castillo	PER Country Admin	Nepal
Anibal Castillo	PER Country Admin	South Sudan
Manorama Gautam	Country Admin	Nepal
Manorama Gautam	PER Country Admin	Nepal
...

We can filter out the above table by user, role, country

Regional Roles

User	Role	Region
Dedi Jundai	Regional Admin	Asia Pacific
Marco Vargas	Regional Admin	Europe
Marco Vargas	Regional Admin	Asia Pacific
Marco Vargas	DREF Regional Admin	Americas
...

We can filter out the above table by user, role, region

Simplify and move user management UI in GO web application

We should add a new page that will be visible to users that can view and manage permissions.

Appendix

We should clearly define the list of actions that can be performed by each roles in this Google sheet.

IFRC GO Permission Matrix

nanometrenat · 2024-04-11T12:56:06Z

nanometrenat
Apr 11, 2024
Maintainer

xref existing tickets incl

Accomodate Complex Permissions go-api#1568 - Accommodate complex permissions
[PROD] Regional Admin permissions go-api#1946 - Regional Admin permissions

0 replies

tovari · 2024-04-11T12:58:40Z

tovari
Apr 11, 2024
Maintainer

Thanks. Would you mind to elaborate this?:
"Permissions can be assigned/revoked from groups. This can result in out-of-sync permission with the permissions defined in the codebase"

0 replies

frozenhelium · 2024-04-15T09:22:27Z

frozenhelium
Apr 15, 2024
Maintainer

@tovari It means that the groups are created using a script from the code base with specific set of permissions, but it can be changed / updated from the admin panel which now is different from what's mentioned in the code base. We have a lot of places in the code base where the permissions are assumed to be static and in the format that we populated it using the scripts. This can potentially affect the behavior of the system and cause unexpected results. So, to avoid this scenario, we're aiming to make all the permissions and roles static (i.e not modifiable from admin panel or the database). The aim is to make those permissions invisible to the admins (Those who manage the users) and provide a simplified interface only with the roles, which can be assigned to or revoked from the users.
CC @nanometrenat

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Simplified Permission Model #853

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 3 comments

{{title}}

{{title}}

{{title}}

Select a reply

Simplified Permission Model #853

tnagorra Apr 11, 2024 Maintainer

Permission System

Background

User roles in IFRC GO

Visibility in IFRC GO

User profiles in IFRC GO: Country and Region

Current Implementation

Permission

Permission Groups

Shortcomings

Admin Panel Access

Permissions and groups are not discoverable

Inconsistent implementation of roles and permissions

Permission should be granular.

Permission should not be coupled with a particular entity (e.g. Country or Region)

The same permission group but for different countries should not have different permissions

Suggestions

Separate out Roles and Permissions

Implement an abstraction layer over Django's built-in permission system

System Roles

Country Roles

Regional Roles

Simplify and move user management UI in GO web application

Appendix

Replies: 3 comments

nanometrenat Apr 11, 2024 Maintainer

tovari Apr 11, 2024 Maintainer

frozenhelium Apr 15, 2024 Maintainer

tnagorra
Apr 11, 2024
Maintainer

nanometrenat
Apr 11, 2024
Maintainer

tovari
Apr 11, 2024
Maintainer

frozenhelium
Apr 15, 2024
Maintainer