By definition, a public survey is accessible to anyone who wants to submit data to it, but that does not mean that anyone should be able to look at the data itself. If your public Survey123 form contains sensitive information, you should configure your survey to prevent users in the public domain from downloading, querying or changing already submitted data. Unfortunately, it is not uncommon to find public surveys where the security configuration of the survey is not set appropriately, allowing unauthorized access to the survey’s data. This article describes best practice for securing the data of surveys published in the Survey123 web designer. If you are interested in securing data for a public survey published with Survey123 Connect, refer to https://community.esri.com/groups/survey123/blog/2020/05/11/securing-data-in-public-surveys-survey12... .
If you are not familiar with the basics of public surveys, refer to https://community.esri.com/groups/survey123/blog/2016/11/10/getting-started-with-public-surveys.
Technically speaking, you can control the sharing of your survey from the Survey123 website as well as from ArcGIS.com. The easiest and safest way to share your surveys is through the Survey123 website. Using the ArcGIS.com website is more error prone and can lead you to inadvertently share, and expose your data.
To share your survey publicly:
If the option to share your survey publicly is missing, contact your ArcGIS administrator.
At this moment, your survey is shared publicly, allowing anyone to submit data through both the Survey123 web and field apps. You can get the link to your survey from the top of the Collaborate tab and distribute the link with your users. Since you have restricted access to 'Only add new records' in the Collaborate tab, it will not be possible to query, update, delete or download your survey data through the Survey123 web or field apps. Your survey's feature layer will also be secure, preventing any type of access (other than adding new records), from other Esri, third party apps or programmatic access.
Your survey data is useful for people to make decisions, so at some point you will need to share that data with people who need it. Through the Collaborate tab, you can privately share this data with members of your ArcGIS organization so they can view, analyze and even download the data from the Survey123 website.
Now that you have shared the results of your survey, users with access to the survey results will be able to look at the data from the Survey123 website using the Overview, Data and Analyze tabs of the Survey123 website. You can get the survey results link from the top of the Collaborate tab and distribute it within your organization or alternatively ask users to login into the survey123.arcgis.com website to see the survey results.
The Collaborate tab in the Survey123 website is meant to make the process for sharing and securing your data easy and error-free. Under the covers, sharing and access control to your survey data is managed through the use of ArcGIS feature layers and hosted feature layer views. These layers are saved in folder created in the ArcGIS account of the survey owner. Next, we are going to look at these feature layer views in detail.
Here is a brief explanation of the items in your survey directory:
The Survey123 website, through the Collaborate tab, manages the sharing and permissions set in each of these items. The website guarantees that the sharing across the items is consistent so the Survey123 website and apps work while keeping your data secure. Manually controlling the sharing of these items through the ArcGIS.com website can lead to inconsistencies and inadvertently expose your data.
Never share your survey feature layer. Keep your survey feature layer private and let the views do the sharing.
For a more in-depth exploration of the specific security settings present in the _fieldworker and _stakeholder views, you can follow these steps:
The most restrictive permissions in the _fieldworker view that enable submissions from a public survey while preventing access to your data are as follows:
|Editing||Enabled. Editing is required for the Survey123 web and field apps to submit data.|
|What kind of editing is allowed?||Add enabled. Delete and Update disabled.|
|What features can editors see?||Select this option: Editors can't see any features, even those they add|
|What access do anonymous editors (not signed in) have?||Any option is fine since editors cannot see any features.|
It is very common to build web mapping applications and dashboards on top of survey data. Enabling access to your survey data from these applications must be done with care, carefully controlling what data is shared and with whom.
The best way to enable access to your survey data by third party applications is by creating a new feature layer view on top of your survey's feature layer. By creating a new view, you can better control what data from your survey is shared and with whom, tailoring this to the needs of your third party application.
Using your survey's feature layer, fieldworker or stakeholder views to support third party applications is not recommended because in the future you may need to make adjustments to the sharing or permissions of these items to satisfy the needs of your third party application, and these changes can affect the normal behavior of your survey and compromising the security of your survey data.
Please read the previous paragraph again. Read it carefully so it sticks!
This is how you can create a new view, for example, to support a web mapping application:
Once your new view layer is created, you can control through the Settings dialog the permissions set on that layer. For example, you can disable editing and make it read-only. Through the Visualization tab, you can also use the feature layer view definition to choose which fields in your feature layer you want to expose. It is also possible to apply filters to your view to hide certain rows, such as non-vetted submitted survey entries, etc. Finally, you can also share this new view layer according to the needs of your web application, which will likely be different from those of your survey.
For more information about working with feature layer views:
For surveys authored from the Survey123 web designer, the easiest and safest way to control the sharing of your survey and access to your survey results is through the Collaborate tab in the Survey123 website. It is recommended that you use the Collaborate tab for this purpose.
Altering the sharing and privileges on your survey items directly through the ArcGIS.com website is more error prone and can lead to a broken survey (for example, a survey that cannot access the _fieldworker view to submit data), or to a survey that exposes your data (through a misconfiguration of the sharing for the feature layer or its feature layer views).
It is not recommended that you alter the sharing or security properties of the survey form item or its corresponding feature layer and views. Let the Survey123 website do that for you.
Note: You should not need to read this last paragraph, because you read it twice already. In the event that you need to enable access to your survey data for third party applications, it is highly recommended that you create a new feature layer view on top of your survey's feature layer. It is not good practice to use the _fieldworker or _stakeholder views to support third party applications, because the sharing and access needed by your survey and the third party apps are likely very different.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.