Seeking clarity on the national_admin role and mm-online role

I’m investigating an issue affecting online users. The online users I am looking at use the role _admin, mm-online or national_admin.

In particular, I’m having troubles with users with the national_admin role. I’m seeing >30 minute load times when viewing the contacts tab. This seems to be because UHC-mode is always on (because these users are admins). This appears to be skipped for _admin users (dbAdmins) but not “national_admins”.

From a quick code inspection, I see other experiences like this where an experience is disabled for admins but always on for national_admins. For example, SideFilterStore, oldActionBar, report tab’s sidebarFilters, tour, and uhc-stats).

I’m also seeing stuff like shared-libs/purging-utils/src/index.js where mm-online is not included in the list of online roles.

I’m seeking some clarity on the intended use and scope of these special roles. I don’t see them in the docs site. Should I avoid using mm-online and national_admin roles or are they recommended? If i do use these roles, should I also include _admin? Are there intentional differences between the _admin experience and the national_admin experience?

Hi @kenn

This is a good question.

  • national_admin is historical, it was the only hardcoded online role, before configurable roles were introduced, and everything around it is so we are backwards compatible with very old configs.

  • mm-online was added when configurable roles were introduced, it’s added by API when a new user is created/edited and none of the selected roles is “offline”. This is the current way of determining whether a user is online-only.

  • _admin is reserved for CouchDb (a “system” role), you won’t be able to add this role to a user manually (eg by editing the user document in the _users database). You can only create _admin users using CouchDb specific APIs.

This appears to be skipped for _admin users (dbAdmins) but not “national_admins”.

This is correct. The reason behind this is that we give _admin users a free pass to everything, no matter the configured permissions, however some actions that would have extremely load loading times are purposely skipped. national_admins 's permissions, and any other roles except _admin, can be configured, and webapp will respect these permissions, and the project administrators can choose whether they want these users to see UHC on the contacts tab or not.

In your specific case, I suggest the permissions for national_admin should be changed so that they don’t load UHC.

1 Like

Thanks. This is helpful!

The can_view_last_visited_date permission is disabled for national_admin users (private). But I am still seeing requests for /medic/_design/medic-client/_view/contacts_by_last_visited when I login with this role.

It appears that here national_admins have all permissions enabled and those permissions can therefore not be turned off. Am I misreading this?

So potential solutions would therefore require me to remove the national_admin role from this user to turn off UHC mode? And to make a new role or grant permissions as-needed to the mm-online role?

1 Like

It appears that here national_admin s have all permissions enabled and those permissions can therefore not be turned off. Am I misreading this?

Oh, thanks for flagging this. I think this is a regression. If I check the blame for the previous version, only _admins had all permissions by default: cht-core/webapp/src/ts/services/auth.service.ts at 1edc93a9555737e2734fb37f4d7883a2fe3c400d · medic/cht-core · GitHub

Opened issue in cht-core: Can't turn off permissions for `national_admin` role in admin app · Issue #8243 · medic/cht-core · GitHub