The CRC determines when and how data is presented to a user based on their user role, which is specified in the Project Management (PM) cell. The following table summarizes the user roles and their access permissions in the hierarchical order of least to most access.
Data Protection Track Role |
Access Description |
Example |
DATA_OBFSC |
OBFSC = Obfuscated
The user can see aggregated results that are obfuscated.
An example of an aggregated result is patient count.
The user is limited on the number of times they can run the same query within a specified time period. If the user exceeds the maximum number of times then their account will be locked and only the Admin user can unlock it. |
<query_result_instance>
<result_instance_id>0</result_instance_id>
<query_instance_id>0</query_instance_id>
<query_result_type>
<name>PATIENTSET</name>
</query_result_type>
<set_size>101</set_size>
<obfuscate_method>OBSUBTOTAL</obfuscate_method>
<start_date>2000-12 30T00:00:00</start_date>
</query_result_instance> |
DATA_AGG |
AGG = Aggregated
The user can see aggregated results like the patient count.
The results are not obfuscated and the user is not limited to the number of times they can run the same query. |
<query_result_instance>
<result_instance_id>0</result_instance_id>
<query_instance_id>0</query_instance_id>
<query_result_type>
<name>PATIENTSET</name>
</query_result_type>
<set_size>101</set_size>
<obfuscate_method />
<start_date>2000-12 30T00:00:00</start_date>
</query_result_instance> |
DATA_LDS |
LDS = Limited Data Set
The user can see all fields except for those that are encrypted.
An example of an encrypted field is the blob columns in the fact and dimension tables. |
PDO request:
<observation_set blob="false" onlykeys="false"/> |
DATA_DEID |
DEID = De-identified Data
The user can see all fields including those that are encrypted.
An example of an encrypted field is the blob columns in the fact and dimension tables. |
PDO request:
<observation_set blob="true" onlykeys="false"/> |
DATA_PROT |
PROT = Protected Data
The user can see all data, including the identified data that resides in the Identity Management Cell. |
|