[CORE-145] Users with LDS access can view de-identified data (i.e. reports) - i2b2 JIRA

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.7.02
Fix Version/s: 1.7.04
Component/s: CRC Cell
Labels:
None

Rank:
0|i000db:

Affects View/s:

Timeline View
i2b2 Feature/s:

Roles Based Access
i2b2 Sponsored Project/s:

i2b2 Core

Affects Database/s:

All databases
Affects Web Browser/s:

All Web Browsers

Reproduction Notes:
This can be reproduced in the i2b2 testing environment (release 1.7.02).
Testing Notes:

Hide
Tested with build 1.7.04.0001 and the issue still exists.

Tested with build 1.7.04.0002 and this issue appears to be working correctly.

Show
Tested with build 1.7.04.0001 and the issue still exists. Tested with build 1.7.04.0002 and this issue appears to be working correctly.

Description

Users with Limited data access are able to view de-identified data in the i2b2. Users with DATA_LDS should not be able to see any data that can be encrypted.

Only those users with DATA_DEID (de-identified) access can view information that can be encrypted (i.e. text in the *_blob columns). If the data is encrypted the user will still need the decryption key to decrypt the data before viewing it.

Attachments

Activity

People

Assignee:

Janice Donahoe

Reporter:

Janice Donahoe

Participant/s:

Janice Donahoe

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

02/Sep/14 12:58 PM

Updated:

02/Oct/14 1:05 PM

Resolved:

02/Oct/14 11:48 AM