[CORE-145] Users with LDS access can view de-identified data (i.e. reports) Created: 02/Sep/14 Updated: 02/Oct/14 Resolved: 02/Oct/14
|Project:||i2b2 Core Software|
|Reporter:||Janice Donahoe||Assignee:||Janice Donahoe|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
Roles Based Access
|i2b2 Sponsored Project/s:||
|Affects Web Browser/s:||
All Web Browsers
|Reproduction Notes:||This can be reproduced in the i2b2 testing environment (release 1.7.02).|
|Testing Notes:|| Tested with build 1.7.04.0001 and the issue still exists.
Tested with build 1.7.04.0002 and this issue appears to be working correctly.
Users with Limited data access are able to view de-identified data in the i2b2. Users with DATA_LDS should not be able to see any data that can be encrypted.
Only those users with DATA_DEID (de-identified) access can view information that can be encrypted (i.e. text in the *_blob columns). If the data is encrypted the user will still need the decryption key to decrypt the data before viewing it.