I am running a survey where data collectors are located in various locations. With the ODK-X bi-directional synchronization, data collectors are able to view and edit any data from any location including those which are not theirs.
I wanted to know if anyone has implemented the Table-level Security Configuration and Row Level Access Filter who can share a sample Settings file to disable data editing by other users who have not captured it.
Or if anyone has any other workaround on this.
The way I have done this in the past is locking the table. If the table is locked, you can typically have the user who created it read/write/delete, but then only super-users or admins can edit once it syncs up to the server. I think this would solve your problem.
Here is where the table security settings are demonstrated:
https://docs.opendatakit.org/odk-x/data-permission-filters/?highlight=permission#table-level-security-configuration
turning the key: locked to true rather than false should solve this problem.
@elmps2018
Thank you for the link. I have tried using this. I added a row in the properties.csv with the following values:
partition aspect key type value
Table security locked boolean true
But I can still edit data using any of the ordinary users.
Is there anything I am not doing right?
I am always thankful for the support!!
So two things more to check:
-
Has the data been synced to the server? Are the ordinary users accessing it from the server? If it has just been pushed from the computer to the tab until it has synced it will be editable
-
Have you checked the groups of the ordinary users? See Data Permission Filters — ODK-X Docs
for example, if they are privileged, they can edit a locked table.
I am testing with data which has already been synced to the server. I noticed the data had been initially entered with FULL access on creation. After changing it to READ_ONLY it seems other users are no longer able to change it.
However the ordinary user is now failing to create any records with Access denied error.
I have these in the properties.csv file:
**_partition **
**_aspect **
_key
_type
_value
Table
security
defaultAccessOnCreation
string
READ_ONLY
Table
security
locked
boolean
TRUE
Table
security
unverifiedUserCanCreate
boolean
FALSE
Is there anything I have not done right here?
As documented at:
https://docs.opendatakit.org/odk-x/data-permission-filters/?highlight=permission#table-level-security-configuration
Only super-users and administrators can create and delete rows in locked tables. Anonymous, unverified, or ordinary users are unable to do so.
Therefore, by the table being locked you are preventing new rows from being created.
If you keep default access as READ_ONLY only the user that created the row AND super-users/administrators can edit the row after the row has been sync’d to the server. (Assuming no group permissions are set)
A new row does not have permission enforced until it is sync’d to the server. However, this covers most cases as people sync to change users so it’s rarely an issue.
I set Table security-locked to FALSE and it has worked now.
Thank you for the support.
Indeed I changed the table locked value to FALSE and it worked out. So my properties.csv file is not looking like this:
**_partition **
**_aspect **
_key
_type
_value
Table
security
defaultAccessOnCreation
string
READ_ONLY
Table
security
locked
boolean
FALSE
Table
security
unverifiedUserCanCreate
boolean
FALSE
Thank you Waylon, Caroline for the support.