Problems setting survey permissions since installing v 4.5

[Sam Low]

Has anyone been having problems with setting survey permissions since installing the upgrade patch?

Everytime I set permissions for more than one user profile, it seems to disregard permissions set for other profiles.

Any tips/solutions would be appreciated.

[jpratt]

Could you please detail your issue a bit further.

I have tested two respondent users, added them to the ACL of a survey and both could still respond to a survey.

I have tested two survey editors, added them to the ACL of a survey and both could still edit the survey.

I have tested two survey admin, added them to the ACL of a survey and both could still edit the survey.

What user roles did your two users have? What permissions did you enable in the ACL?

Finally, please visit your login.aspx page. What is the version number you are currently using?

Permissions Guide located here:
http://checkbox.com/pdf/checkbox_permissions_guide.pdf

[Sam Low]

we're on v 4.5.1.17 and the problems i'm getting are when i'm setting specific permissions report security as well survey permissions.

e.g. when i set sciencereport to view survey responses and analyze data but not adminster, edit/take survey or take survey, and edit the corresponding default policy, the permissions that i've set for webeditors (who should have administer, edit/take, take, view responses and analyze data) seem to revert to default (i.e., take survey only).

non-registered users, i.e., the everyone user profile shouldn't be able to access any reports or form.create, analysis.responses.edit, etc. but whenever i've set everyone to only take survey, and then amend another user profile for the same survey, everyone seems to be able to see the report, administer the survey, etc.

ditto when i set report permissions on individual reports.

what i've had to do is set permissions and save one policy at a time per each user profile before each survey/report 'remembers' what access permissions it's supposed to have.

it's taking a lot longer to set permissions now than with the previous version, i.e., v4.4.1.14. and without having to redo previously set permissions with other user profiles.

[ncushing]

Sam,

It sounds like there are a couple sources of confusion. First, the "Default Policy" permissions apply to non-registered users and only to registered users when the registered user OR a group the registered user is in is not on the access list.

Second, the "Everyone" profile is actually a user group that implicitly contains all registered users, so adding the "Everyone" group to an access list means you are setting permissions for all users via this group, except users that are directly on the access list.

[Sam Low]

thanks for post but if i don't add everyone as a user to the permissions, then non-registered users can view reports (some of which contain sensitive data) without logging in.

it wouldn't be so much of an issue if it was only just me (or my fellow web editors) were the people downloading/running reports but we've got survey owners who insist on being able to download data and run reports when they want but don't want the responsibility of maintaining the survey themselves...

[pwiesner]

You should not need to add the Everyone group to a survey ACL in order to limit access of none registered users. The best place to control this is the Default Policy. The Default Policy of a Checkbox survey or report determines which permissions are granted to users who are not on the ACL; this includes none registered users.

For example, if the default policy for a survey grants the ‘Analyze Data’ permission, anybody can create reports for the survey. To control who can view reports, you would edit the security of the report itself and remove view permission from the default policy to prevent unregistered users from viewing them.

What permissions have you granted on the Default Policy for both the survey in question and the reports that are viewable?

[Sam Low]

the default is take survey in the survey acl but whenever i leave it as the default and then try to set permissions for the report itself, non-registered users can then see the report - when i add everyone in survey acl and then restrict permissions for this profile, this then prevents non-users from seeing it but then it allows all my registered users to see the report and survey nav buttons when they shouldn't.

does this make sense?

[pwiesner]

The source of your problem is still not entirely clear. At this point I think your best option is to contact the support team. The support team will be able to schedule a virtual meeting with you so that they can see exactly what is happening on your end.

[Sam Low]

thanks - will do as you suggested.