Subject Security in Reports

Visibility permissions guideline for subjects in ETO Results using subject-based Universes. #Reporting #Security

Updated over a week ago

When creating reports in ETO Results using Standard Universes, subjects (Participants or Entities) may appear differently for each User reporting role.
​See also: Data Security and Reporting Roles

The User's reporting role plays a part in what data a User will see in a report. There are only 3 reporting roles available in ETO. The User role and the reporting role can be different. Generally speaking, Enterprise managers will have an Enterprise manager reporting role, Site managers will have a Site manager reporting role, and department heads and below (Program managers, Staff, etc.) will have a Staff level reporting role.

  • Enterprise Managers: can see all subjects within the Enterprise (all Sites and Programs)

  • Site Managers: can see all subjects with enrollments within the Site they have access to

  • Staff: can see all subjects with enrollments in any Programs they have access to

However, in Universes that are subject-based, Users will be able to see data such as enrollment information for any Participant/Entity that they have previously had access to in ETO. For example, if a Staff level User (with Staff level reporting role) has access to an Intake Program and Joe Smith was enrolled in Intake for 2 days and then dismissed, the Staff level User would be able to see Joe's enrollments in other Programs when opening a report using a subject-based Universe.

Subject-based Universes are Universes that are anchored on a subject. Examples include Standard Participant Universe (Participant is the anchor), Standard Entity Universe (Entity is the anchor), as well as custom (User-created) Universes.

As an example, if a Participant was enrolled in Program A and Program B in one Site then dismissed from Program A, a Site Manager reporting role would be able to see both of their enrollments within the site in a report regardless of their specific Program access in ETO.

A Staff-level reporting role would also be able to view both of the Participant's enrollments if they have specific access to Program A. Because the Staff-level User had access to view the Participant's information in Program A at one point, the report does not exclude the User from seeing the Participant's data in reporting.
​If a Staff-level User with no access to either of the Programs the Participant has been enrolled viewed the report, the Participant would be excluded from the report altogether for that User.
If you want to limit the data a User has access to within reporting to only the Programs they have access to, you can create a re-query that pulls Program Name from a Program-based Universe (Standard Programs Universe). To re-query for Program name, follow the steps in this article.

After the re-query is set up, if a User with a Staff level reporting role opens the same report, they would only see data pertaining to the Program they currently have access to:

Did this answer your question?