What high-level problem are you trying to solve?
In multi-country studies, ODK projects are often managed by the same data management team, but data access requirements can vary significantly. Some team members may need access to set up infrastructure but should not have access to the data itself—especially when it contains personally identifiable information (PII) that should not be shared across borders. Others may only require access to a subset of the submissions, such as data from the country they are allowed to access or training datasets, or at least deidentified datasets.
Any ideas on how ODK could help you solve it?
Currently, encryption is likely the only available solution to restrict access to data, but it’s a radical approach that comes with significant technical limitations—such as restricting access to key ODK Central functionalities, like editing records and managing entities, which are very helpful to teams.
A more practical solution could be implementing more granular role-based access control. While I’m sure this isn’t the only request related to web user roles, it would need to be considered alongside other requests for better context.
Some role distinctions could include:
- Project Manager (no data access) – can set up and manage the project but cannot access data or entities. (Note: Entities might complicate this, as they are a core part of the project structure.)
- Project Manager (with data access) – has full project management rights, including data access, potentially with filters to specify which form submissions or which form variables (columns) or entity submission/properties can be accessed.
Posting here to ensure it's documented somewhere if somebody feels it's worth moving forward