From 7bf09f02494d3d1c5211b9e2d14d55d812650c29 Mon Sep 17 00:00:00 2001
From: Carlos Tejo Alonso <1654811+dayures@users.noreply.github.com>
Date: Fri, 21 Mar 2025 08:40:26 +0100
Subject: [PATCH] feat: adding a note explaining userroles available
Based on https://community.dhis2.org/t/user-cannot-access-roles-when-creating-another-user/2984/2 from @larshelge
---
src/user/manage-users-user-roles-and-user-groups.md | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/user/manage-users-user-roles-and-user-groups.md b/src/user/manage-users-user-roles-and-user-groups.md
index 593a328a7..77d84e44a 100644
--- a/src/user/manage-users-user-roles-and-user-groups.md
+++ b/src/user/manage-users-user-roles-and-user-groups.md
@@ -225,6 +225,12 @@ names or organisation unit level names.
6. In the **Available roles** section, double-click the user roles you want to assign to the user.
+> **Note**
+>
+> The general rule is that users can only give user roles to others if they themselves have all of the authorities in those roles.
+> The concept of allowing people to give out authorities they don’t have themselves is not secure anyway, since they could easily grant themselves a new user account with those extra authorities.
+> For allowing a user to grant his own user roles to other, you have to go to settings > access > and check "Allow users to grant own user roles".
+
7. Select **Data capture and maintenance organisation units**.
The data capture and maintenance organisation units control for which organisation units the user can do data entry. You must assign at least one data capture and maintenance organisation unit to each user.