Registration scope - global-121/121-platform GitHub Wiki
Introduction
The scope feature has been introduced to facilitate access control within the 121 platform. This allows for assigning access to registrations based on geographical or organizational units. The scope field has been added to the aidworker assignment per program and registrations.
How Scope Works
First of all, scope only has effect if scope is enabled for a program. This is assumed in the remainder.
The scope is stored as a string that represents the geographical or organizational unit that a user has access to. This can be a whole region or a specific part of a region. Here are some examples:
| Scope | Description |
|---|---|
zeeland.middelburg |
Access to only the "Middelburg" area within "Zeeland" |
zeeland.goes |
Access to only the "Goes" area within "Zeeland" |
zeeland |
Access to the whole "Zeeland" region (so includes "Goes" + "Middelburg") |
limburg.maastricht |
Access to only the "Maastricht" area within "Limburg" |
utrecht.red-cross |
Access to only the "Red Cross"-organization in "Utrecht" |
Registrations would typically have the lowest level of scope in a program, while aid-workers can be assigned to have any level of hierarchy. If you want to view or modify entities, you can only do so for entities that have the same scope as you. For example, a registration with the scope "limburg.maastricht" can be modified by an aid worker that has been assigned the scope "limburg.maastricht" or the scope "limburg" or by an aid-worker that has not been assigned a scope (i.e. "scope: ''").
| Registration (name+scope) | Aid-Worker "Goes" | Aid-Worker "Zeeland" | Aid-Worker '' |
|---|---|---|---|
Person A (zeeland.middelburg) |
🚫 | ✅ | ✅ |
Person B (zeeland.goes) |
✅ | ✅ | ✅ |
Person C (utrecht) |
🚫 | 🚫 | ✅ |
Person D ( ) |
🚫 | 🚫 | ✅ |
When an entity is created, the same scope field is applied to it. This means that when a registration, note, or transaction is created, they have the same scope field as the registration to which it is related.
In summary, the scope feature is a powerful tool for managing access control within the system. It allows for granular control over who can access what resources, based on geographical or organizational units (or anything else that can be (hierarchically) named/defined).