Role-Based Login & Access Control

XMLWordPrintable

    • Type: Story
    • Resolution: Done
    • Priority: Medium
    • 2.9
    • Affects Version/s: None

      As an ASHA Supervisor / CHO / ANM, I want to log in using my FLW app credentials so that I can securely access the incentive details only the ASHAs and sub-centres mapped to me, according to my role and assigned geography.

      In FLW App, ASHA Supervisor Module is on the basis of 'Role based User access'. That is after first time user login based on the User role, i.e. as follows:

      1. Role = "ASHA" then show all ASHA comprehensive modules.

      i.e. Call APIs and download data related to ASHA App.

      2. Role = "ASHA Supervisor" or "CHO" or "ANM"or "MO" or "MOIC" then show ASHA Supervisor module as below.

      i.e. Call APIs and download data related to ASHA Supervisor module.

      Functional Flow

      • User Login
        • User enters FLW app credentials.
        • System authenticates credentials.
      • Role Detection
        • System identifies the logged-in user's role:
          • Supervisor
          • CHO
          • ANM
      • Geography Mapping
        • System fetches mapped:
          • ASHAs
          • Sub-centres
        • Only data assigned to the user's geography is retrieved.
      • Access Restriction
        • User sees:
          • Only their mapped ASHAs
          • Only their mapped sub-centres
        • No access to data outside their jurisdiction.
      • API-Level Enforcement
        • Role validation happens at backend.
        • Every API call validates:
          • User authentication
          • Role authorization
          • Geography mapping
        • Unauthorized requests are rejected with proper error codes.

      Acceptance Criteria: 1

      • User logs in via FLW app credentials
      • Role detected (Supervisor / CHO / ANM)
      • User sees only mapped ASHAs and sub-centres
      • Unauthorized users cannot access module
      • Role enforced at API level

      Acceptance Criteria: 2

      1. Role-Based Access to Applications
      • Users with roles CHO, Medical Officer (MO/Doctor), Nurse, Pharmacist, Lab Technician, Registrar, or any combination of these roles, should have access to the HWC application.
      • Users with the CHO role must be able to log in to both FLW and HWC applications.
      1. FLW App Access Control
      • Users with roles ASHAASHA Supervisor, or ANM should have access only to the FLW application.
      • In the FLW app:
        • Users with roles CHOASHA Supervisor, or ANM should have access only to Supervisor modules, and must not access ASHA comprehensive modules.
        • Users with the ASHA role should have access to all ASHA comprehensive modules, but not to Supervisor modules.

        1. image-2026-04-28-12-42-04-979.png
          image-2026-04-28-12-42-04-979.png
          24 kB
        2. image-2026-04-28-12-42-15-664.png
          image-2026-04-28-12-42-15-664.png
          101 kB
        3. image-2026-04-28-12-42-23-404.png
          image-2026-04-28-12-42-23-404.png
          108 kB

              Assignee:
              Deep Shikha
              Reporter:
              Shashank Kharkwal
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: