Role design best practices


Creating roles and giving them to users in ActivityInfo is an important part of managing access to data and making sure that project management goes smoothly. This blog post about best practices is meant to help Database administrators create roles, keep roles in good shape, and spend less time and effort managing the system. By thinking about the tips in this article, database managers will only give users in those roles the permissions they need to do their jobs and get as much value as possible from the data to reach their project goals.

Understand user roles and Responsibilities

It's important to remember that roles are a set of Grants and Parameters that you give to a group of people. They make access control easier by grouping the things that people can do in your Database. Assigning roles makes managing users easier and more consistent and efficient, especially when there are a lot of users. This is because the same role can be given to groups of users who are expected to do the same set of tasks and use the same set of resources. This method makes role management easier and improves security by making sure that people only have access to what they need to do their jobs.

With roles, users who interact with resources in a Database are given specific access rights, such as the ability to view, edit, remove, or add data , among other things. Less roles make it easier for an administrator to keep track of and maintain. Using parameters and optional grants, a Database Administrator can still get the freedom they need for different situations.

Before you give design roles, you need to know exactly what the responsibilities of the users are in your project and what their roles are in the Database. This will give you the information you need to decide how to give roles to users. For instance, users who only enter data shouldn't be given management rights. The data entry role should only be able to view, edit, or delete records that it needs to. Administrators, on the other hand, should be able to view, add, edit, delete, and export records, manage users, roles, translations, record locks, add forms, folders, and reports, edit forms, folders, and reports, delete forms, folders, and reports, manage collection links, share reports, publish reports, and audit user actions. In this case, the first steps of data collection from the field are mostly done by Project Officers or Field Staff, who are usually Data Entry Only Users. Most of the time, they are given "add" or "add/view" access, which lets them add new data to the system and maybe look at their own records. This limitation on their role makes it less likely that data will be changed, since these users usually can't edit or delete records once they've been added.

On the other hand, M&E or Information Management Officers, who have a higher level of oversight, generally work as Administrators in the Database. Their job-related responsibilities are broader, and they have to do things like create forms, analyze data, and keep the system running. So, they are given more rights to do things like add, view, edit, and delete records, change how forms look, and set permissions for other users. These come with more responsibility because their jobs are so important to keeping data secure and systems safe. Database administrators can make the process of managing data safer and more efficient by carefully creating and assigning roles based on what each user's job is in the project.

Least Privilege as a rule

Following the principle of least privilege means giving people only the access they need to do their specific jobs. This is done through the grants and parameters that are given to their roles. This can be done by only choosing operations like "add record" and "view record," or by only giving access to certain resources to certain roles in the Database to match the user's responsibilities. You could only let Database managers add or edit records instead of letting all roles do this. For example, only people who are in charge of the Database should be able to change Reference data. This keeps important data from being changed without permission or in the wrong way. In the same way, case workers could only be able to see the records of the cases to which they are given. This makes it less likely that private information will be seen by people who don't need to.

Don't give users too many rights that go beyond what their job requires. This practice reduces the risk that data will be changed or accessed by people who aren't supposed to. For example, if permissions aren't tight enough, there's a higher chance of a data breach, in which private information could be leaked. If there isn't enough control, data can be changed, which can lead to corruption or loss of data and affect the security of the whole Database.

Educate Users on the best ways to keep information secure

Make sure that all users are aware of the best ways to protect information and that the organization's data governance rules are followed. Focus on protecting login information, following password rules, and reporting suspicious activity right away. Encourage users to be aware of the data they can see and to be careful with private information.

Regularly review and update Roles

Review and change the roles and users' assigned to those roles on a regular basis. This should be done based on how operations within roles are used and evolving needs. For example, field workers might have "add/edit" rights that allow them to add records to the baseline survey form while data is being collected. When the time for collecting data is over, the project goes on to the time for analyzing the data. During this time, it's very important to keep the data's security. Most of the time, the original posts shouldn't have any more changes made to them. Now is the time to take "add/edit" actions out of roles that don't need them anymore. After analysis, the project probably goes on to the reporting or archiving stage, where the data might be used to make reports or kept for record-keeping. At this point, even fewer people might need to see the raw data. Access should only be given to people who need it for compliance, archiving, or high-level research.

It is also important to find people who have been given roles but who don't use the permissions that come with those roles. Let's say you find that certain operations aren't being used by the users who have the role, or that they are no longer needed because a user's responsibilities have changed. In that case, we suggest that you update the role to remove the unused actions (if the change affects all users in that group) or put the user in a better role (if the change only affects that person). By evaluating and changing jobs and assignments on a regular basis, you can make sure that access rights stay in line with the user's responsibilities. This lowers the risk of unauthorized actions, duplication and redundancy. In this case, "redundancy" means that a role gives users too much or too little access. Users could get entry rights that aren't relevant to their current roles if they aren't regularly reviewed and changed. This is considered bad practice because the extra entry rights don't add anything useful and can even make security worse. Reviewing and updating roles and users on a regular basis can cut down on security risks and make it less likely that someone will do something without permission.

To go with this step, you can set up a system to track user activity and look for strange or suspicious behavior. Monitoring can help you find possible security holes or illegal actions, so you can take quick steps to reduce risks. The Audit Log in ActivityInfo lets managers see what users do in a Database. This includes, among other things, the ability to track and review actions and changes that happen within your Database, find and recover accidentally deleted records, identify user actions related to adding, editing, or deleting records, monitor changes to folders, locks, roles, and form visibility, keep an eye on user-related events like adding or deleting users, and view detailed information about each event, including the time and user who caused it.


By taking these best practices into account when making roles in ActivityInfo, you can make your Database safer. By giving access based on what each user needs and regularly reviewing these access rights, you can make sure that users have the access rights they need to do their jobs well. Remember that it's important to keep a balance between security and usability if you want to keep private information safe in ActivityInfo.

Next item
Editing a Role