jethro-pmm icon indicating copy to clipboard operation
jethro-pmm copied to clipboard

Published 20 hours ago verified publisher icon tbar0970

Restrict access to sensitive custom fields

Open tbar0970 opened this issue 8 years ago • 3 comments

When using custom fields for eg child protection records, you may be storing details that you don't want all users to see - for example the outcome of a police background check.

It would therefore be useful to be able to mark fields as "sensitive" and only allow certain users to see these values.

Along the same lines would be the ability to mark a note as "sensitive". Could be the same access level.

The most flexible solution would support multiple levels of sensitivity and/or making some fields visible to users A, B and C and other fields visible to users D, E, F. But the time and complexity cost of this would probably not be justified by the benefit.

tbar0970 avatar Jan 26 '17 04:01 tbar0970

@tbar0970 I would suggest splitting this into two feature requests:

  • sensitive custom fields
  • sensitive notes

The two might have different priorities (I suggest sensitive notes are more widely needed) and be implemented at different times. I would also suggest trying to keep this to at most two levels of access control:

  • for sensitive statutory information (e.g. police checks -- known as different things in AUS and UK)
  • for pastoral notes

jgclark avatar Jun 09 '17 07:06 jgclark

I don't think there are a lot of gains in having multiple levels of security for something like this. However there is a huge gain in having capacity to handle confidential information.

I would suggest keeping it simple with a tick the box when creating/editing a custom field - "confidential"

Similar when leaving a note.

Then for admin to be able to tick two boxes under the user's "permissions granted" area: one for 'allow them to view custom fields marked confidential' and one for ' allow them to view notes marked confidential'

s4069b avatar Jul 04 '17 21:07 s4069b

Our pastors/elders began adding pastoral care notes to a 'pastoral visit' custom field until realising this wasn't secure.

It would be great to be able to tick a custom field as 'sensitive' and select users who can view/edit.

For more flexibility, we could use groups to specify who (all in that group) can view/edit a sensitive custom field.

alburyAJ avatar Aug 22 '23 05:08 alburyAJ