[CORE-145] Users with LDS access can view de-identified data (i.e. reports) Created: 02/Sep/14 Updated: 02/Oct/14 Resolved: 02/Oct/14 |
|
| Status: | Closed |
| Project: | i2b2 Core Software |
| Component/s: | CRC Cell |
| Affects Version/s: | 1.7.02 |
| Fix Version/s: | 1.7.04 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Janice Donahoe | Assignee: | Janice Donahoe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Affects View/s: |
Timeline View
|
| i2b2 Feature/s: |
Roles Based Access
|
| i2b2 Sponsored Project/s: |
i2b2 Core
|
| Affects Database/s: |
All databases
|
| Affects Web Browser/s: |
All Web Browsers
|
| Reproduction Notes: | This can be reproduced in the i2b2 testing environment (release 1.7.02). |
| Testing Notes: | Tested with build 1.7.04.0001 and the issue still exists.
Tested with build 1.7.04.0002 and this issue appears to be working correctly. |
| Participant/s: |
| Description |
|
Users with Limited data access are able to view de-identified data in the i2b2. Users with DATA_LDS should not be able to see any data that can be encrypted.
Only those users with DATA_DEID (de-identified) access can view information that can be encrypted (i.e. text in the *_blob columns). If the data is encrypted the user will still need the decryption key to decrypt the data before viewing it. |