Access Control
DHIS2 allows you to control access privileges per user and by role, to set expiration dates for user accounts and automatically disable inactive users to help prevent unauthorized system access.
DHIS2 includes industry standard security and privacy features. On this page you can learn more about the customizable features that are available in the core DHIS2 software and DHIS2 Android application.
The fact that DHIS2 is commonly used to capture and analyze health information means that issues of data security and privacy are of paramount importance. The data collected within DHIS2 need to be available to those who have the need and appropriate authority to access it — such as healthcare providers or program managers within a given health system — and secured against unauthorized access by others. In addition to striving to make the software itself as secure as possible, DHIS2 offers a selection of customizable security and privacy features, including user management, encryption, and more. Below, you can read a short overview of select security and privacy features in the core DHIS2 software and Android Capture Application, and a link to our collection of feature spotlight videos on security features.
DHIS2 allows you to control access privileges per user and by role, to set expiration dates for user accounts and automatically disable inactive users to help prevent unauthorized system access.
DHIS2 supports multi-factor authentication using an authenticator app as a second factor.
DHIS2 supports LDAP-compatible directory servers (Active Directory, OpenLDAP, etc.) for user authentication.
DHIS2 supports single sign-on using OpenID Connect (OIDC).
DHIS2 supports granular sharing of individual metadata objects and their associated data. Read and write permissions can be explicitly granted to only certain users and user groups to restrict access to sensitive information.
DHIS2 logs sensitive operations performed by users to an audit log in the filestore or database.
DHIS2 users can be granted explicit access levels to determine exactly which organisation units in the hierarchy that user should be allowed to access for data capture and search
DHIS2 can be configured to allow users with limited data capture access to “break the glass” and search for Tracked Entities outside their capture scope. Breaking the glass requires the user to enter a reason for the operation, which is then logged by the audit service.
DHIS2 supports an operational mode when privileged users can impersonate other users and perform certain actions on their behalf.
Android devices may contain sensitive data they have collected or downloaded from the DHIS2 server. Using the Android Settings App, a system administrator can force all DHIS2 Android applications to use local database encryption, ensuring that the data is inaccessible to unauthorized users even if they gain access to the physical device.
You can watch a selection of Feature Spotlight Videos on security features on the DHIS2 YouTube channel.
For guidelines and best practices on implementing secure DHIS2 systems, please see the DHIS2 documentation.
You can also stay informed about the latest security updates from the DHIS2 security team on the DHIS2 Community of Practice (CoP) by subscribing to posts tagged with “dhis2-security.”