Limiting Public Survey Access

758
5
05-21-2018 01:26 PM
Highlighted
New Contributor

Hey Survey123 Folks,

I work for a government agency and am currently in the process of deciding what platform to use for data collection by our citizen science programs. I really like the design of survey123, and would like to use it, but we want only our approved volunteers to have access to the survey and cannot get an organizational account for all of them (there are several hundred). Part of the reason for this is we are dealing with sensitive species information.

Is there a way to have a form open to a selected group of public accounts? Or to secure it with survey-specific usernames and passwords? Let me know!

Reply
0 Kudos
5 Replies
Highlighted
Esri Esteemed Contributor

Hi Allison,

You certainly keep a survey private; the respondents would need an ArcGIS Online account to log in to.  There are several examples of this; for instance PGCLitterTRAK  | Prince George's County, MD .

Reply
0 Kudos
Highlighted
New Contributor

Hey James, 

Thank you for your reply. I was under the impression that ArcGIS Online accounts were not free, that you needed some sort of subscription or have other ESRI licenses and such and that a free ArcGIS Public Account would not suffice to fill out surveys.  Is this correct? Because in this case we cannot supply all of our volunteers with ArcGIS Online accounts.

Reply
0 Kudos
Highlighted
Occasional Contributor

I have the same problem as you. Right now what we are doing is add a survey question of type "text" with caption "Username" and/or "Password". You could place a list of username and password in a CSV file and validate the entry using the pulldata fonction. BUT, It seems the CSV file is not actualy 100% secure. Someone malicious could find the password list (I have no more information on that, but I read this somewhere). So what we end up doing is to keep the Usrename and password text field, but we do no validation on them. When they upload the survey results, we download it form ArcGIS Online on our own server and we do the password validation there. If the validation fail then the Survey data won't enter our database.

This won't prevent anyone from accessing the Survey, but this prevent unauthorized people from sending us data.

What I would like to know is if the actual Survey web adress is private unless you share it with anyone.

Reply
0 Kudos
Highlighted
New Contributor III

Hi Allison.

I believe you have a list of public accounts of your approved volunteers, right? In that case, you can restrict your form to this list by a PULLDATA function in a CSV file (writed in the media folder, containing a list of granted usernames) using the function PROPERTY("username") to check if the logged user is on the list (or not). In your form, place all fields to be collected in a group and place this check result in the relevant column of that group. Create another group (or a note) to be displayed in case the check results in false (opposit of check result), displaying a warning message like "You do not have access to this survey" or something like that. A better option to improve the security would be to use the "device id" rather than "username" because it restricts the survey to be opened only on granted devices rather than logged-in users.

I hope I helped you. Good luck.

Reply
0 Kudos
Highlighted
Occasional Contributor

I just stumbled across this post. I think this might be useful for what you are trying to achieve:

https://community.esri.com/thread/210128-survey123-calculate-field

Basicly you create an hidden field that can't be edited. Then when you supply your survey link you add the hidden field value in the link that will unlock all the questions. I don't know how secure this can be (can hidden question be revealed by a hacker?) but I think it can be a nice alternative.

Reply
0 Kudos