Roles & privileges
Roles and Privileges in PBMS have been organized into three tiers
High level groups
High level groups - mapping to - Low level groups
Low level groups - mapping to - Odoo models & buttons
High level groups
These groups are organized based on business functions. From an end-user perspective, department users (staff members) are assigned to the high-level groups.
Each high-level group is internally linked to one or more low-level groups. These low-level groups define the RUCD (Read, Update, Create, Delete) permissions for various Odoo models.
The high-level groups available for user mapping are as follows
Program Administration
Edit programs, add benefit codes, view service providers and geography, create enrolment and disbursement cycles and view lists inside them
Enrolment Operation
View & Create Enrolment Cycles Create Beneficiary lists (enrolment lists) inside Enrolment Cycles
Enrolment Verification
Verify Enrolment lists and add observations (upload documents to support their observations)
Enrolment Approval
Approve a beneficiary list (enrolment list) as final list under an enrolment cycle
Disbursement Operation
View & Create Disbursement Cycles Create Beneficiary lists (disbursement lists) inside Disbursement Cycles
Disbursement Verification
Verify Disbursement lists and add observations (upload documents to support their observations)
Disbursement Approval
Approve a beneficiary list (disbursement list) as final list under an enrolment cycle
Service Provider Operation
View and Create Agencies and Warehouses Associate Benefit codes to Agencies and Warehouses Associate Geographies to Agencies and Warehouses
Geography Operation
View and Create Administrative Areas (Large & Small)
Audit Operation
View Access to the entire PBMS application
Program Super Administration
Edit programs, add benefit codes, view service providers and geography, create enrolment and disbursement cycles and view lists inside them — BUT NOT RESTRICTED by PROGRAM ACCESS. This role has access to all the programs defined in PBMS.
PBMS uses Keycloak for user identity management, authentication, and authorization. In Keycloak, the high-level groups described above must be defined as roles and associated to users.
High level groups to Low level groups - mapping
Program Administration
group_abstract_model_viewer group_agency_viewer group_warehouse_viewer group_geography_viewer group_beneficiary_list_viewer group_benefit_codes_editor group_program_editor group_program_viewer group_enrolment_editor group_disbursement_editor group_priority_rules_viewer
Enrolment Operation
group_beneficiary_list_editor group_beneficiary_list_viewer group_enrolment_editor group_program_viewer group_benefit_codes_viewer group_disbursement_viewer
Enrolment Verification
group_beneficiary_list_verifier group_beneficiary_list_viewer group_enrolment_viewer group_program_viewer group_benefit_codes_viewer group_disbursement_viewer
Enrolment Approval
group_enrolment_approver group_beneficiary_list_viewer group_enrolment_viewer group_program_viewer group_benefit_codes_viewer group_disbursement_viewer
Disbursement Operation
group_beneficiary_list_editor group_beneficiary_list_viewer group_disbursement_editor group_priority_rules_editor group_program_viewer group_benefit_codes_viewer group_enrolment_viewer
Disbursement Verification
group_disbursement_viewer group_beneficiary_list_verifier group_beneficiary_list_viewer group_priority_rules_viewer group_program_viewer group_benefit_codes_viewer group_enrolment_viewer
Disbursement Approval
group_disbursement_viewer group_disbursement_approver group_beneficiary_list_viewer group_priority_rules_viewer group_program_viewer group_benefit_codes_viewer group_enrolment_viewer
Service Provider Operation
group_agency_editor group_agency_viewer group_warehouse_editor group_warehouse_viewer group_program_viewer group_benefit_codes_viewer
Geography Operation
group_geography_editor group_geography_viewer
Audit Operation
group_abstract_model_viewer group_benefit_codes_viewer group_agency_viewer group_beneficiary_list_viewer group_disbursement_viewer group_enrolment_viewer group_geography_viewer group_priority_rules_viewer group_program_viewer group_warehouse_viewer
Program Super Administration
group_agency_viewer group_benefit_code_editor group_program_editor group_warehouse_viewer group_geography_viewer group_beneficiary_list_editor group_beneficiary_list_verifier group_enrolment_editor group_enrolment_approver group_disbursement_editor group_disbursement_approver group_priority_rules_editor
Low level groups to Odoo models - mapping
Models with 1,1,1,1 (R,W,C,D) - access rights
g2p_agency
group_agency_editor
g2p_warehouse
group_warehouse_editor
g2p_benefit_codes
group_benefit_codes_editor
g2p_agency_program_benefit_codes
group_benefit_codes_editor
g2p_warehouse_program_benefit_codes
group_warehouse_editor
g2p_administrative_area_small
group_geography_editor
g2p_administrative_area_large
group_geography_editor
g2p_program_definition
group_program_editor
g2p_program_benefit_codes
group_benefit_codes_editor
g2p_eligibility_rule_definition
group_program_editor
g2p_beneficiary_list
group_beneficiary_list_editor
g2p_enrollment_cycle
group_enrolment_editor
g2p_bgtask_summary_wizard
group_enrolment_editor
g2p_api_summary_line
group_program_editor
g2p_api_disbursement_envelope_line
group_program_editor
g2p_api_disbursement_batch_line
group_program_editor
g2p_entitlement_rule_definition
group_program_editor
g2p_disbursement_cycle
group_disbursement_editor
g2p_priority_rule_definition
group_priority_rules_editor
g2p_disbursement_envelope_summary_wizard
group_disbursement_editor
g2p_disbursement_envelope_summary_geo
group_disbursement_editor
g2p_disbursement_batch_summary_wizard
group_disbursement_editor
g2p_disbursement_batch_summary_geo
group_disbursement_editor
Models with 1,0,0,0 (R,W,C,D) - access rights
g2p_agency
group_agency_viewer
g2p_warehouse
group_warehouse_viewer
g2p_benefit_codes
group_benefit_codes_viewer
g2p_agency_program_benefit_codes
group_benefit_codes_viewer
g2p_warehouse_program_benefit_codes
group_warehouse_viewer
g2p_administrative_area_small
group_geography_viewer
g2p_administrative_area_large
group_geography_viewer
g2p_program_definition
group_program_viewer
g2p_program_benefit_codes
group_benefit_codes_viewer
g2p_eligibility_rule_definition
group_program_viewer
g2p_beneficiary_list
group_beneficiary_list_viewer
g2p_enrollment_cycle
group_enrolment_viewer
g2p_bgtask_summary_wizard
g2p_api_summary_line
group_program_viewer
g2p_api_disbursement_envelope_line
group_program_viewer
g2p_api_disbursement_batch_line
group_program_viewer
g2p_entitlement_rule_definition
group_program_viewer
g2p_disbursement_cycle
group_disbursement_viewer
g2p_priority_rule_definition
group_priority_rules_viewer
g2p_disbursement_envelope_summary_wizard
g2p_disbursement_envelope_summary_geo
group_disbursement_viewer
g2p_disbursement_batch_summary_wizard
g2p_disbursement_batch_summary_geo
group_disbursement_viewer
Models with 1,1,1,0 (R,W,C,D) - access rights
g2p_bgtask_summary_wizard
group_enrolment_viewer
g2p_disbursement_envelope_summary_wizard
group_disbursement_viewer
g2p_disbursement_batch_summary_wizard
group_disbursement_viewer
Buttons with access rights
Verification Button
group_beneficiary_list_verifier
Approve Enrolment Button
group_enrolment_approver
Approve Disbursement Button
group_disbursement_approver
Create Benefit Code
group_benefit_code_editor
Create L/S Area
group_geography_editor
Create Service Providers
group_warehouse_editor, group_agency_editor
Create Program
group_program_super_administration
Last updated
Was this helpful?