TouchPoint Flattened Data and Custom Universes
Participant-scoped custom universes use the Participant as the "anchor" for all the data. The guideline is, if the User has access to the Participant data, they will be able to see the data, but there are some exceptions to this.
In this case, having access to the Participant means having direct access to the TouchPoint response in ETO. This is generally moderated by Reporting Role, View Own Security, and Program/Site Access. For TouchPoints, "View Own" security controls ALL access in Results reporting. If you want to allow a user to see a TouchPoint response in a report, but not allow them to create or see that response in ETO, you can check "View Own" security for their reporting role but leave "View Others" off. This will prevent them from seeing the responses in ETO since they cannot see others' responses and they can't create their own responses, but View own WILL allow them to see all responses in Results reporting, regardless of who created the response. Security is applied at the TouchPoint level first, and then to the participant, so if a TouchPoint response exists in the report that the user does not have security for, they will also not see the participant in the report
Example 1:
Participant exists in Program A and takes TouchPoint XYZ in Program A; Site A.
The Query contains: Subject ID, Name, Demographics, and TouchPoint XYZ Objects (Date Taken, Questions, Response ID)
View Own security is on for Enterprise Managers and Site Managers but not for Staff users in Program A, Site A.
People who can see the Participant:
A User with "Enterprise Manager" Reporting Role and access to View Own security for TouchPoint XYZ in Program A will see the Participant
A User with access to Site A, "Site Manager" Reporting Role and access to View Own security for TouchPoint XYZ in Program A will see the Participant
A User with access to Program A, "Staff" Reporting Role, and access to View Own security for TouchPoint XYZ in Program A will see the Participant
People who cannot see the Participant:
A User with "Enterprise Manager" Reporting Role and no access to View Own security for TouchPoint XYZ in Program A will not see the Participant
A User with access to only Site B, "Site Manager" Reporting Role, and access to View Own security for TouchPoint XYZ in Program A/Site A will not see the Participant
A User with access to Program B, "Staff" Reporting Role, and access to View Own security for TouchPoint XYZ in Program A will not see the Participant
To Remedy
Give the User a higher Reporting Role
Give the User access to View Own security for the TouchPoint
Give the User access to the Program where the response was taken
Remove the TouchPoint Objects from the Query
Remember how security is applied at the TouchPoint level first and then any restricted response will also cause the participant to not appear in the report? This is also true if there are multiple TouchPoints in the report with different security.
Example 2:
Participant exists in Program A and takes TouchPoint XYZ in Program A; Site A.
β
View Own security is on for Enterprise Managers and Site Managers but not for Staff users in Program A, Site A, TouchPoint XYZ.
β
Participant exists in Program B and takes TouchPoint 123 in Program B; Site A.
View Own security is on for Enterprise Managers but off for Site Managers and Staff users in Program B, Site A, TouchPoint 123.
β
The same participant has a response for TouchPoints XYZ and 123 that both appear in the report.
People who can see the Participant:
A User with "Enterprise Manager" Reporting Role and access to View Own security for TouchPoint XYZ in Program A will see the Participant
People who cannot see the Participant:
A User with access to Program A, "Staff" Reporting Role will not see the Participant or the responses.
A User with access to Program A, "Site Manager" Reporting Role will also not see the Participant or the responses. This user has the security to see TouchPoint response XYZ, but since they do not have the security to see response 123, the participant and both responses will be excluded from the report. If another participant has a response to TouchPoint XYZ but no response to 123, the staff level user WILL see that participant because the TouchPoint 123 security does not need to be enforced since this participant has not taken the TouchPoint.
TouchPoint Unflattened Data and Standard Universes
These Universes tie back to the responses. The guideline is, if the User has access to the responses, they will see the data.
In this case, having access to the response means having access to the response in based on TouchPoint Security. This is primarily moderated by Reporting Role, View Own, View Others, and Share Responses Across Site/Enterprise securities.
For the most part, Flattened Data just looks to see if you have access to the response in the UI. Do you have View Own and/or View Others on for the subject type? Is the response in a Program you can access?
If Share Responses Across Site / Enterprise is on this can expand access to the responses.