Read Only Access

I know this has already been mentioned in other forum postings but this issue came up again today with a client. Currently there is no pure read-only access rights in OpenClinica. There is monitoring rights which prevent data entry or modification but that still provides the ability to leave discrepancy notes and flag data. Clients want to view the data without the risk of data modification or creating an action. Please do not tell me to set these rights on the backend (Postgres database), this needs to be done through OpenClinica. Modifying the database directly has its own risk. I probably do not appreciate the difficulty in doing this but it seems it could be done by taking away the right to create notes from the monitor's access rights.

Comments

  • toskriptoskrip Posts: 240 ✭✭
    Hi,

    I don't actually think that this can even be done on the backend. Authorisation rights are normally the domain of the application and not the underlying database backend. Right now OC uses fixed number of roles with their rights hard-coded according to how roles and rights are described within the scope of clinical research. For more granular rights management, bigger change in OC architecture would need to be done. I have seen something like this in the roadmap, but haven't seen any work done in this direction yet. If you are in urgent need to provide such feature, I would recommend to hire a developer who will build you extra app that will fetch data via web services and serve it to the user in read only manner. Theoretically with modularisation of OC one could publish such read only data access module (but this is for future).

    T
  • lindsay.stevenslindsay.stevens Posts: 388 ✭✭
    via Email
    Why not just provide exported data? It is read only and arguably easier to
    review.
  • ccollinsccollins Posts: 360 admin
    via Email
    Hi Scott,

    OpenClinica is definitely moving in the direction that Tomas described. OC
    of the future will be modular and have a flexible permissions model
    allowing you to set permissions by role for each module. The new paradigm
    will also allow you to create custom roles and control access to specific
    content (such as particular CRFs) by role/user. The OCLLC engineering team
    in planning to dive into this specific area - authentication and
    authorization - starting in about a month.

    Best,
    Cal
  • kristiakkristiak Posts: 1,165 ✭✭✭
    via Email
    That would not give them possibility to write discrepancies directly in the data base. Why is there a problem that the monitors could change data. If the did you will find you immediately from the audit trail

    Regards
    Krister
  • brandsxbbrandsxb Posts: 25
    The advantage of read only access is to allow viewing of the data while completely eliminating the risk of entering or modifying anything in the database. This provides the sponsor the opportunity to view the data or subject status directly in the system. Many clients make this request. It gives them confidence, realistic or not, that the study is going well.
Sign In or Register to comment.