ODK Privacy and Security

Hello ODK Forum members

I have configured my ODK Aggregate with Google drive engine and finished creating .appstop.com URL. The ODK Aggregate works pretty well however, am running a series of survey projects on this one ODK Aggregate i created. My problem now is that i don't want users of one survey to access uploaded forms of other surveys on the ODK collect. This is for purpose of privacy and security for the different clients. one client should not feel that his survey questionnaire can be accessed by other users since am using the same URL. How do i go about this problem. Thank you

Hi @Makanga

if you use only one ODK aggregate instance all forms are available for all users and unfortunately it's not possible to assign them somehow.

Thanks @Grzesiek2010 for the reply. So how do i go about it, isnt there any way of creating passwords for users or editing the appstop.com project on google drive.

Hi @Makanga,

I've dealt with this very situation in the past. And as @Grzesiek2010 says, it's not possible to do user management on accessing different questionnaires without creating multiple ODK aggregate instances.

A couple of thoughts:

  1. Create a different .appspot.com url/server for each new client. This means more work on your end maintaining several instances, however will restrict the forms that your data collectors can see. This is the solution I used previously.

  2. Could you allow all users to see all forms, but create some sort of a password question with a "relevant" clause in each of your forms that would only allow users with the password to access and fill in the remainder of the questions in each form? (I never did this, I'm just brainstorming for you here.)

This is the main reason I had to eventually stop using ODK aggregate as a server and went to using ONA, as they could offer user management (e.g., allowing only certain users access to certain forms). A question for the ODK development community: is user management a completely impossible feature to add to ODK aggregate? I'm guessing it's a big overhaul. But if there was a feature that would make ODK aggregate an even-awesomer solution - it would be user management.


Adding this kind of user management to Aggregate is not easy, but if someone wants to take it on, that would be incredible. And to make that slightly more possible, we've spent a lot of time cleaning up the Aggregate infrastructure to make it easier to contribute.

1 Like

@Makanga if your clients' main need is to see the data that they are collecting you can publish your forms individually to either Google Sheets and/or Google Fusion Tables (Fusion Tables have built in mapping functionality) and then share these with only the respective clients who should have access. Both methods retain links back to the Data store to any pictures/videos/etc collected in your forms.