Restricting access to survey data results (not a public survey)

BKS · ‎06-01-2023

Maybe I'm missing something simple. I am not sure.

Requirement - Survey users must be able to submit surveys, as well as access only their own surveys via Inbox to make any changes. They cannot be able to view other users submissions.

This works well for the field app per Inbox. I set a query of dc_name=${username} and this returns only their own surveys (i.e. dc_name is autopopulated to AGOL username and is readonly).

For the s123 website, I created a group and give it access to the survey under the "Collaborate tab > Share survey" (i.e. Add and update records - read access enabled). Under the "Collaborate tab > Share results" I configure it to allow viewers to see only their own data.

This is all good.

The problem I'm having is that the survey users, if they login to AGOL, they can view others data by looking at the hosted feature service supporting the survey.

I suspect there is a simple fix to this using feature service views but I'm not sure how to prevent survey users from accessing the feature service that supports the survey. Is there a way to do this that still allows for submitting surveys and using the Inbox?

Thanks for any info.

BKS

jcarlson · ‎06-01-2023

Configuring the feature service to only let users view records they create would solve it. Having that configured at the service level rather than the form would prevent users from seeing other users' data in any context.

- Josh Carlson
Kendall County GIS

View solution in original post

jcarlson · ‎06-01-2023

Configuring the feature service to only let users view records they create would solve it. Having that configured at the service level rather than the form would prevent users from seeing other users' data in any context.

- Josh Carlson
Kendall County GIS

BKS · ‎06-01-2023

Hey @jcarlson ,

That worked as far as I can tell. That was great to hear. I was hoping for an easy solution such as that.

However it has created another issue which I do not understand. When I adjust the source feature service to allow users to see only their data and allow users to edit only their data, the web map that I use for my geopoint question does not display the map. Neither in the widget window, nor in the large window when you click on the map widget. If I change it back to allow users to see and edit all the data it displays the map. In the map I do have the source feature service but I wouldn't think that would be an issue.

Also, when I login as a survey user into AGOL, with the feature service configured to only see/edit their own data, the map can be opened just fine.

I need to resolve this. Any thoughts/ideas?

BKS

jcarlson · ‎06-01-2023

It doesn't load the map at all? Or it doesn't display the data in the map? The editing settings of a layer shouldn't impact a web map's settings at all, but it would alter how that layer displays on the map.

Because your access is based on whether or not you created the features, you'd need to be logged in to view the data. Are users going to be accessing the survey anonymously?

- Josh Carlson
Kendall County GIS

BKS · ‎06-01-2023

All good. I took a closer look at the map when logged into AGOL as a survey test user. There were several layers that had errors because I had not provided access to these based on my test user. Once I granted my test user access to the background layers the map displays as expected. The map was showing only grey prior to this.

Thanks again for all your help and speedy replies.

Cheers, BKS

BKS · ‎09-25-2023

Hello again,

To follow on from this solution, now that the restrictions are at the feature service and restrictions are in place (thank you @jcarlson for that), there is one last hurdle to overcome....

I need to allow specific users view access to ALL of the survey data (not just what they collected). In other words, I need a couple users to be able to view all of the data just like I can as the owner. They do NOT require edit access. I am planning to provide this access via a dashboard.

There are 2 main solutions I considered:

1) As the owner, create a hosted feature layer view of the survey data and share that with a group that contains only the users that require view access to all of the data. My thinking is that if the Owner of the feature layer (myself) creates the view, it should allow access to all of the data just like the owner has.

2) Copy (overwrite) every so often using a python script, a dashboard version of all the data rather than reading the data in real time via the feature layer view.

My preference, and that with which I started is (1) above and it seemed to work just fine. Logging in as one of the users that can see all of the data via the view, worked just fine. However, I do not know what has changed but now it will not display any data. As the owner all of the data is accessible but as the user who is in the group of users that has access to the view, they cannot see any of the data now.

Before I go down path (2), can someone explain if this approach makes sense to them (i.e. it should work, or should it not work).

Thanks Kindly,

BKS