Hello! Referencing the Securing data in public surveys (Survey123 Connect) guide by the Survey123 team, I am interested in learning more about using these public views in a public map. In the Share survey settings of the survey, the option I would select is "Only add new records".
However, is it best practice to use this public view created from Survey123 (that has Public Data Collection enabled in the settings, due to it being a public survey) to add to a web map? OR alternatively is it better to create a separate public view and NOT the one that is automatically created by Survey123 sharing settings? The web map would be shared publicly with no edit capabilities.
Thanks! Happy to clarify if needed.
In our org, the public data collection view is not displayed anywhere, and includes the setting to show no data to end users (i.e., the query capability is turned off). If the layer needs public access for viewing, this is a separate, non-editable view layer which is filtered by some other "reviewed" attribute or similar.
None of our surveys has ever been spammed, but we like to keep the incoming public responses a step removed from what is seen on public maps and dashboards, just in case anything offensive needed to be filtered out.
Thank you, Josh! The goal is for the public map to be filtered by a "Reviewed" attribute, which in the survey is automatically set to "No". Would a similar goal for public access be achieved by simply using that public data collection layer and filtering it in the map, or is another public view layer just the best practice?
I wanted to see whether there are other security-related issues with using the public data collection layer, and on the flip side, if creating another public view layer was redundant in any way.
Creating multiple public layers is useful when the settings differ. In my case, one layer lets you add records, the other lets you view data. The layer for viewing includes many additional fields that are of interest to the member of the public, but which should not be exposed to the layer where editing is enabled. Fields that define a feature's status or approval, for instance. We want users to see what's happening with their submission, but we cannot include those fields in the editable layer. That could open the door to submissions being made outside of the S123 form, in which a user could manually specify other field values that the form would not expose to them.
If your review and other editing is done in a non-public layer, you could probably accomplish this with a single public view layer, provided you disabled updating or deleting existing features. Otherwise, a person could potentially open up the public layer and start editing features submitted by others.
The trouble with just using a "reviewed" filter in the map is that the service itself has no such filter. A user would be able to open the service and view unreviewed features if they wanted. Not that you're likely to find such a user, but it's worth considering, in case such features ought to remain private until a review is complete. But you could put that attribute filter on the public view layer definition, too.
As with so many things, the answer is really "it depends". Your public view may not expose any additional fields, and displaying the data from the same service as it is collected in is not an issue.