Subject Security in Reports

Visibility permissions guideline for subjects in ETO Results using subject-based Universes. #Reporting #Security

Updated over a week ago

When creating reports in ETO Results using Standard Universes, subjects (Participants or Entities) may appear differently for each User reporting role.
​See also: Data Security and Reporting Roles

The User's reporting role plays a part in what data a User will see in a report. There are only 3 reporting roles available in ETO. The User role and the reporting role can be different. Generally speaking, Enterprise managers will have an Enterprise manager reporting role, Site managers will have a Site manager reporting role, and department heads and below (Program managers, Staff, etc.) will have a Staff level reporting role.

  • Enterprise Managers: can see all subjects within the Enterprise (all Sites and Programs)

  • Site Managers: can see all subjects with enrollments within the Site they have access to

  • Staff: can see all subjects with enrollments in any Programs they have access to

However, in Universes that are subject-based, Users will be able to see data such as enrollment information for any Participant/Entity that they have previously had access to in ETO. For example, if a Staff level User (with Staff level reporting role) has access to an Intake Program and Joe Smith was enrolled in Intake for 2 days and then dismissed, the Staff level User would be able to see Joe's enrollments in other Programs when opening a report using a subject-based Universe.

Subject-based Universes are Universes that are anchored on a subject. Examples include Standard Participant Universe (Participant is the anchor), Standard Entity Universe (Entity is the anchor), as well as custom (User-created) Universes.

As an example, if a Participant was enrolled in Program A and Program B in one Site then dismissed from Program A, a Site Manager reporting role would be able to see both of their enrollments within the site in a report regardless of their specific Program access in ETO.

A Staff-level reporting role would also be able to view both of the Participant's enrollments if they have specific access to Program A. Because the Staff-level User had access to view the Participant's information in Program A at one point, the report does not exclude the User from seeing the Participant's data in reporting.
​
​If a Staff-level User with no access to either of the Programs the Participant has been enrolled viewed the report, the Participant would be excluded from the report altogether for that User.
​
If you want to limit the data a User has access to within reporting to only the Programs they have access to, you can create a re-query that pulls Program Name from a Program-based Universe (Standard Programs Universe). To re-query for Program name, follow the steps in this article.

After the re-query is set up, if a User with a Staff level reporting role opens the same report, they would only see data pertaining to the Program they currently have access to:

Did this answer your question?