User masquerade and other ideas

Folks

We have a use case where we would like a 'single user/single subject' access to allow the participant to interact with their own records! This may take the form of data entry or access to the subject case book. Equally it would be good if the login and authentication could be via an alternative identifier (such as the person id field) with external authentication (such as OpenId).

Okay I know this is a big ask.

The security model is really quite different and assumes the registered users 'own' a group of participants at sites, the unworkable option would be a site per participant. Other systems use a masquerade approach to overlap many onto one but this has access control implications. Participate offers a single mode possibility [data in but not data out].

My questions then are simple: is OC ever likely to implement this capability? Should we abandon the thought that we can use OC in an environment in which the participant can equally create, edit and review their own record set?

Any thoughts please?

Roger

Comments

  • bbaumannbbaumann Posts: 104 admin
    via Email
    Hi Roger,

    Just to clarify, Participate does allow subjects to edit their data up
    until the point at which the subject confirms they are all done with the
    forms in the event.

    - Ben

    On Wed, Oct 26, 2016 at 4:49 AM, rogeroge <
    forums+d16105-s5021087@openclinica.org> wrote:

    > OpenClinica https://forums.openclinica.com/
    >
    > rogeroge started a new discussion: User masquerade and other ideas
    >
    >
    >
    > Folks
    >
    >
    >
    > We have a use case where we would like a 'single user/single subject'
    > access to allow the participant to interact with their own records! This
    > may take the form of data entry or access to the subject case book. Equally
    > it would be good if the login and authentication could be via an
    > alternative identifier (such as the person id field) with external
    > authentication (such as OpenId).
    >
    >
    >
    > Okay I know this is a big ask.
    >
    >
    >
    > The security model is really quite different and assumes the registered
    > users 'own' a group of participants at sites, the unworkable option would
    > be a site per participant. Other systems use a masquerade approach to
    > overlap many onto one but this has access control implications. Participate
    > offers a single mode possibility [data in but not data out].
    >
    >
    >
    > My questions then are simple: is OC ever likely to implement this
    > capability? Should we abandon the thought that we can use OC in an
    > environment in which the participant can equally create, edit and review
    > their own record set?
    >
    >
    >
    > Any thoughts please?
    >
    >
    >
    > Roger
    >
    >
    >
    > --
    >
    > To manage your email notifications, please visit:
    > https://www.openclinica.com/forums#/profile/preferences
    >
    >
    >
    > Reply to this email directly or follow the link below to check it out:
    >
    > https://forums.openclinica.com/discussion/16105/user-
    > masquerade-and-other-ideas
    >
    >
    >
    > Check it out: https://forums.openclinica.com/discussion/16105/user-
    > masquerade-and-other-ideas
    >
Sign In or Register to comment.