From 20427418a166555d414ab30e6509e316e212a5a7 Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Mon, 14 Jun 2021 16:20:56 +0200 Subject: [PATCH 1/2] document study approval issue --- source/security.rst | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/source/security.rst b/source/security.rst index d49452f..5588799 100644 --- a/source/security.rst +++ b/source/security.rst @@ -53,10 +53,20 @@ Study membership ~~~~~~~~~~~~~~~~ If a user is a member of a study, they automatically gain the special -``access_study`` permission in the context of that study. You can also -assign additional groups to study members that only apply in the context +``access_study`` permission in the context of that study. Study managers can +also assign additional groups to study members that only apply in the context of the study. +.. warning:: + By managing study memberships, study managers can escalate their own + priviliges inside their studies. For example, they can allow themselves to + see attributes of participants. + + A study can only be started by a separate user, the *study approver*. This + user should check for suspicious settings before approving the study. + However, for practical reasons all study settings (including memberships) + can still be changed after the approval. + .. _privacy-level: Privacy levels -- GitLab From 63f9cb8b0d704c88ab6a0ccaf49d0e5ab8ffcfc1 Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Mon, 14 Jun 2021 17:01:07 +0200 Subject: [PATCH 2/2] explain that study managers may be able to approve their own studies --- source/security.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source/security.rst b/source/security.rst index 5588799..78cd796 100644 --- a/source/security.rst +++ b/source/security.rst 
@@ -62,10 +62,11 @@ of the study. priviliges inside their studies. For example, they can allow themselves to see attributes of participants. - A study can only be started by a separate user, the *study approver*. This - user should check for suspicious settings before approving the study. + All studies need to be approved before they can start recruitment. The + approver should check for suspicious settings before approving the study. However, for practical reasons all study settings (including memberships) - can still be changed after the approval. + can still be changed after the approval. Some organizations will even + choose to allow study managers to approve their own studies. .. _privacy-level: -- GitLab
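Review bot: In the first patch (the hunk adding the ``.. warning::`` block under "Study membership"), the added line "priviliges inside their studies" misspells "privileges"; since the second patch keeps that line as unchanged context, the typo would survive both commits. Also, the warning names only a pre-approval review by the study approver as the control against self-escalation, and then states that all settings including memberships can still be changed afterwards; the text should say explicitly that the approval check does not cover later membership changes, so readers do not take approval as a lasting guarantee.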
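Review bot: In the second patch, the added sentence "Some organizations will even choose to allow study managers to approve their own studies" removes the separation of duties that the warning relies on (the earlier "separate user, the *study approver*" wording is deleted in the same hunk), but the text does not say what that means for the escalation risk described just above it. Suggest adding one sentence stating that in such a configuration the approval step provides no independent check against a study manager granting themselves access to participant attributes, so the warning applies in full.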