Uploaded image for project: 'i2b2 Core Software'
  1. i2b2 Core Software
  2. CORE-145

Users with LDS access can view de-identified data (i.e. reports)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7.02
    • Fix Version/s: 1.7.04
    • Component/s: CRC Cell
    • Labels:
      None
    • Rank:
      0|i000db:
    • Affects View/s:
      Timeline View
    • i2b2 Feature/s:
      Roles Based Access
    • i2b2 Sponsored Project/s:
      i2b2 Core
    • Affects Database/s:
      All databases
    • Affects Web Browser/s:
      All Web Browsers
    • Reproduction Notes:
      This can be reproduced in the i2b2 testing environment (release 1.7.02).
    • Testing Notes:
      Hide
      Tested with build 1.7.04.0001 and the issue still exists.

      Tested with build 1.7.04.0002 and this issue appears to be working correctly.
      Show
      Tested with build 1.7.04.0001 and the issue still exists. Tested with build 1.7.04.0002 and this issue appears to be working correctly.

      Description

      Users with Limited data access are able to view de-identified data in the i2b2. Users with DATA_LDS should not be able to see any data that can be encrypted.

      Only those users with DATA_DEID (de-identified) access can view information that can be encrypted (i.e. text in the *_blob columns). If the data is encrypted the user will still need the decryption key to decrypt the data before viewing it.

        Attachments

          Activity

            People

            • Assignee:
              jmd86 Janice Donahoe
              Reporter:
              jmd86 Janice Donahoe
              Participant/s:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Git Source Code