RMS - Security model for requests

Bug #513653 reported by Tim McNamara
This bug affects 1 person
Affects: Sahana-Eden
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

http://trac.sahanapy.org/wiki/NextforHMS

* Security - enable role management - this is an urgent requirement assigned to sysadmin team: Praneeth (lead), Tim & Dan. Need written recommendation sent to Mark by e-mail by 1600Z on 28 January 2010; meeting in #sahana-py at 1700Z on 28 January.

Background: security for personnel on ground makes it inadvisable to publish publicly the needs and fulfillment information that might be embedded in the HMS - i.e. publishing that medical supplies are to be delivered to this place at this time might put the shipment and relief workers' lives at risk. We need a plan to implement role-based access to different Sahana libraries. I need the sysadmin team to advise which of the following requirements is possible to do through front-end configuration of SahanaPy's security settings (preferred) and which will require coding changes (not preferred). Alternatives are welcome. The team should also evaluate and advise on the impact shutting down read-only public access to parts of Sahana will have on our feeds of data on hospital locations and hospital management data.

Requirements:

1) Public/anonymous access: Read only access to OR, RMS Twitter and 4636 Messages.

2) Option to make HMS hospitals feed with location and general information - but not the shortages table - publicly available

3) Can we hide individual fields (like beds available, security status, facility status) from public view without code changes?

4) Registered users: Read only access to entire system (adding PR and HMS / HMS shortages)

5) Entry users: Registered users who are given add/edit/update/delete access to OR, PR, HMS

6) Options to create additional groups that have add/edit/update/delete access to each individual registry - and bundle people that way. e.g. Tim has write privileges to OR and PR but not HMS or RMS; Praneeth has write privileges to RMS but nothing else; Dan has write privileges to RMS, OR, and PR but not HMS.

Tim McNamara (tim-clicks) wrote :

My thoughts:

1) Easy - this exists already within the Admin page
2) Harder
3) Don't think so
4) Easy - this exists already within the Admin page
5) Easy - this exists already within the Admin page
6) Easy - this exists already within the Admin page

Praneeth Bodduluri (lifeeth) wrote :

1, 4, 5, 6 - We can create complex groups with per-table access and individual permissions like create, read, update, delete, select
2, 3 - Hard, as Tim mentioned

Changed in sahana:
milestone: none → hms-0.2
Fran Boon (flavour) wrote :

Feature Request, not a Bug

Changed in sahana-eden:
status: New → Invalid
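
The access model discussed in this report, sketched as an added example (not Sahana Eden or web2py code, and not written by anyone in the thread): per-table create/read/update/delete grants with default deny, plus a field filter for anonymous reads. Role names, table keys and HMS field names are assumptions derived from the requirement list.

```python
# Added illustration only. Table keys, role names and field names are assumed.
CRUD = frozenset({"create", "read", "update", "delete"})
READ = frozenset({"read"})
TABLES = ("OR", "PR", "HMS", "HMS_shortages", "RMS", "RMS_twitter", "messages_4636")

# role -> table -> allowed actions. Anything not listed is denied.
ROLES = {
    # Req 1: public read-only access to a short allowlist of tables.
    "anonymous": {t: READ for t in ("OR", "RMS_twitter", "messages_4636")},
    # Req 4: registered users read the entire system.
    "registered": {t: READ for t in TABLES},
    # Req 5: entry users get full write access to OR, PR and HMS.
    "entry": {t: CRUD for t in ("OR", "PR", "HMS")},
}
# Req 6: one write group per registry, so people can be bundled freely.
for _t in ("OR", "PR", "HMS", "RMS"):
    ROLES["write_" + _t] = {_t: CRUD}

# Req 2: optional public hospital feed; the shortages table stays private.
PUBLIC_HMS_FEED = True
if PUBLIC_HMS_FEED:
    ROLES["anonymous"]["HMS"] = READ

# Req 3: fields withheld from anonymous readers even when the table is public.
HIDDEN_FROM_PUBLIC = {"HMS": {"beds_available", "security_status", "facility_status"}}

# Memberships from the example in requirement 6.
MEMBERS = {
    "tim": {"registered", "write_OR", "write_PR"},
    "praneeth": {"registered", "write_RMS"},
    "dan": {"registered", "write_RMS", "write_OR", "write_PR"},
}

def roles_of(user):
    """Unknown or missing users fall back to the anonymous role only."""
    return MEMBERS.get(user, set()) | {"anonymous"}

def allowed(user, table, action):
    """Default deny: some role held by the user must grant the action."""
    return any(action in ROLES[r].get(table, ()) for r in roles_of(user))

def visible(user, table, row):
    """Return the row as this user may see it, or None if reads are denied."""
    if not allowed(user, table, "read"):
        return None
    if roles_of(user) == {"anonymous"}:
        hidden = HIDDEN_FROM_PUBLIC.get(table, set())
        return {k: v for k, v in row.items() if k not in hidden}
    return dict(row)
```

Turning off `PUBLIC_HMS_FEED` removes anonymous access to the hospital table entirely, which is the feed impact the sysadmin team was asked to evaluate.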
This report contains Public information  
Everyone can see this information.
