Managing roles and permissions is critical to ensuring that all users have access to the data and functions that are appropriate for them. These roles are managed by mWater users and are managed in various places in the mWater Portal including Surveys, Deployments, Organizations, Sites, and Visualizations (Maps, Dashboards, Datagrids, Consoles). This document gives a brief overview of each of these contexts.
Contents
Overview of Roles and Permissions
Roles and Permissions Overview
Survey
Surveys>Settings
A Survey is a data collection questionnaire or form that is deployed to Enumerators to collect data through the mWater Surveyor app. The Surveys tab has options to Share and Deploy the survey. The Settings tab sets permissions for the survey design itself, while the Deploy tab sets permissions for the data collected via the survey. This section will focus on the Settings tab on the Survey page.
Navigating to Surveys>Share
Managed by
This role adds the Admins of an organization as Administrators of the survey. This allows organizations to better manage all surveys used by their users in their organization. It also allows the tracking of Form Deployment Statistics on the organizational level. For more information see this Feature Update.
Administrator
This role allows a user, group or organization to:
Add/remove/modify questions via the Design tab
Preview the survey design via the Preview tab
Add/remove/modify translations in the Translate tab
Add/remove/modify the permissions in the Share tab
Add/delete/modify deployments via the Deploy tab
Add/remove/modify assignments via the Assignments tab
Approve/reject/delete responses via the Responses tab
View visualization data via the Visualization tab
View user activity via the Activity tab
Add/remove/modify visualizations to the Survey Report
Deploy
This role allows a user, group or organization to:
Preview the survey design via the Preview tab
Add/remove/modify deployments from the Deploy tab
Add/remove/modify assignments via the Assignments tab
Can only view responses, visualizations, and survey reports if a Deployment allows them to view this data
View
This role allows a user, group, or organization to:
Preview the survey design via the Preview tab
Can only view responses, visualizations, and survey reports if a Deployment allows them to view this data
Deployment
A Deployment is a set of roles organized for a specific data collection exercise via a Survey. The deployment defines which users can collect, view, manage, and approve the survey data. Deployments can be managed from 2 locations: 1) the Deploy tab on the Survey page 2) the Organizations page under the Manage tab. The benefits of using the Organizations page is that it allows survey administrators the ability to manage many different deployments via an intuitive organizational chart interface.
1) Survey>Deploy
The Deploy tab on the Survey page is a good way to deploy an individual survey to Enumerators, but if many different surveys and many users are being managed recommended to manage them in the Organizations page (2).
Enumerators
This role allows a user, group, or organization to:
Open the form in the mWater Surveyor app and submit responses.
Modify their finalized after submission and approval responses ONLY IF the "Enumerators can continue to edit or delete their own responses when final" is checked.
Example Enumerator
Viewers
This role allows a user, group, or organization to:
View finalized responses from this deployment
View all indicator values
Managers
This role allows a user, group, or organization to:
View responses at all stages of completion (Draft, Pending, Rejected, Finalized)
Edit responses manually at all stages of completion except Draft
Approve/reject/unreject responses at all stages except Draft
Managers may not approve/reject/unreject responses ONLY IF the "Only allow these approvers to approve or reject responses. Managers can still edit or delete responses" box is checked under advanced.
Viewers of Indicator Values
This role allows a user, group, or organization to:
View only the indicator values collected in this deployment
Example Role for Viewers of Indicator Values
Approval Chain
This role allows a user, group, or organization to:
Approve/reject/unreject responses collected in the deployment
Multiple approval stages may be added to require multiple levels of approvals to finalize responses
Example Approval Roles
2) Manage>Organizations>Deployments
The Organizations page allows an administrator to manage many different deployments in an intuitive interface based on organizational charts.
Differences between Organizations>Deployments and Survey>Deploy
The permissions for Deploying a survey via Organizations is almost identical to that of the Survey>Deploy tab.
The only change to these permissions is the management of Enumerators. Due to the fact that Organizations are hierarchical, it includes options for:
Deploy to whole branch
This will add all users in the branch as enumerators.
Add team
This will add a team that is within the branch as enumerators. Unlike in the Surveys page, there is no need to navigate to the path of the team, instead it can just be selected directly E.g. Add team>"Survey team" instead of "Demonstration Organiation>Country C>Partner A>Survey team".
Add Collaborator
Collaborators allow an organization to delegate data collection to users, groups or organizations outside of their organization without adding them to their organizational chart.
Select...
Add any other users, groups, or organizations to the enumerator role
Organization
An Organization is a structured group of users that each have their own set of permissions. The organization page is represented via an organizational chart with various branches. Each of these branches contains tabs for Teams, Users, Collaborators, Activity Summary, Activity Log, Deployments, and Settings.
Within the Teams tab there are three special roles with predefined permissions: Admins, Managers, Viewers. In addition to these special roles there are user defined "Teams", which contain users or other teams but do not imply a set of permissions for these users.
Note: All special roles in a branch also hold the same special role for the branches below them.
Admins
This role allows a user, group or organization to:
Create lower level branches and teams
Add/remove users to/from the branch (or lower branches)
Change settings for the branch (or lower branches)
Note: Admins of a branch are automatically added as admins of all branches below them.
Managers
This role allows a user, group or organization to:
Automatically be added as managers for all new deployment created in this branch (and lower branches)
Viewers
This role allows a user, group or organization to:
Automatically be added as viewers to all new deployments created in this branch (and lower branches)
Site
A Site is a location that can be monitored using over time. These sites include: Water point, Water system, Water installation, Sanitation facility, Community, etc. Sites are a separate table from Surveys but are connected to Surveys via a site question and a Site's mWater ID. This means that management of sites is done separately from the management of Surveys. Sites permissions can be managed via 1) Simple Mode or 2) Advanced Mode which gives the user more control over permissions.
Navigating to Site Permissions
1) Simple Permissions
Simple permissions is the default for mWater Surveyor and Portal because it defines a set of preset permissions that are most commonly used. These privacy settings include: Public, Protected, and Private.
Managed by
The user or organization that can:
Edit or delete the site data if privacy settings are set to Protected or Private.
If Public is selected, any user may edit or delete the site.
Protected (Recommended)
This setting allow ONLY the "Managed by" user/organization to
Edit and delete the site data
This setting allows ANY USER to:
View basic site information
Reference the site in surveys
Public
This setting allow ANY USER
View, edit and delete the site data
Reference the site in surveys
Private
This setting allow ONLY the "Managed by" user/organization to
View, edit, and delete the site data
Reference the site in surveys
Users that are not in the "Managed by" set, will not see the existence of this data.
2) Advanced Permissions
Admin
This role allows a user, group or organization to:
View site information
Edit the site
Change permissions of the site
Delete the site
Edit
This role allows a user, group or organization to:
View site information
Edit the site
View
This role allows a user, group or organization to:
View site information
Dashboards, Maps, Datagrids and Consoles
Dashboards, Maps, Datagrids and Consoles are used to communicate data collected in the mWater platform in various formats. These data visualization pages share a similar interface for 1) Setting permissions and 2) creating shareable links. Maps, Dashboards, and Datagrids have both 1 and 2 under the "Share" icon, while Consoles has both a "Share" and a "Permissions" icon.
Navigating to Share a Dashboard, Map, Datagrid or Visualization
1) Setting permissions (for mWater users)
Permissions for users with mWater accounts is done through the Share or Permissions icon at the top right of any Dashboard, Map, Datagrid or Console page. Adding a user or organization to either Administrator or Viewer will automatically give them view access to the source data for the page. This view permission does not apply outside of the page.
Administrator
This role allows a user, group or organization to:
Can view, edit or delete the page
Can share the page via setting permissions or creating a shareable link
Can apply quickfilters and clickable filters if present
View
This role allows a user, group or organization to:
Can view the page
Can apply quickfilters and clickable filters if present
2) Creating share links (for non-mWater users)
Shareable links are used for sharing data visualization pages with people that may not have an mWater user account. These links can either display all applicable data or can be locked to a specific quickfiltered set of data.
Create Shareable Link
Allows ANYONE with the shareable link to:
View data visualization page
Can apply quickfilters and clickable filters if present
Create Shareable Link With Quickfilters Locked
This allows an administrator to manage one data visualization page and simply share links with stakeholders that are locked to the data that is appropriate for them.
Allows ANYONE with the shareable link to:
View data visualization page but only the data visible data when the locked quickfilters are applied
Can apply other quickfilters and clickable filters if present
