[CORE-145] Users with LDS access can view de-identified data (i.e. reports) Created: 02/Sep/14  Updated: 02/Oct/14  Resolved: 02/Oct/14

Status: Closed
Project: i2b2 Core Software
Component/s: CRC Cell
Affects Version/s: 1.7.02
Fix Version/s: 1.7.04

Type: Bug Priority: Critical
Reporter: Janice Donahoe Assignee: Janice Donahoe
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 0|i000db:
Affects View/s:
Timeline View
i2b2 Feature/s:
Roles Based Access
i2b2 Sponsored Project/s:
i2b2 Core
Affects Database/s:
All databases
Affects Web Browser/s:
All Web Browsers
Reproduction Notes: This can be reproduced in the i2b2 testing environment (release 1.7.02).
Testing Notes: Tested with build 1.7.04.0001 and the issue still exists.

Tested with build 1.7.04.0002 and this issue appears to be working correctly.
Participant/s:

 Description   
Users with Limited data access are able to view de-identified data in the i2b2. Users with DATA_LDS should not be able to see any data that can be encrypted.

Only those users with DATA_DEID (de-identified) access can view information that can be encrypted (i.e. text in the *_blob columns). If the data is encrypted the user will still need the decryption key to decrypt the data before viewing it.
Generated at Sun Apr 05 17:11:21 UTC 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.