We identified at least one of our form users (sridata_collect_aec) who has access to many of our projects (e.g. awSRzhZDYfzuTCJcDnHSfr) instead of the few where the user is set under Settings/Sharing. Even worse, projects cannot be accessed where the permission is granted (e.g. ai8xDjfryoa7SXqBvrmvGd).
What can we do to make the roles and permissions feature work again?
@york_rff, did you mean your user cannot access the shared project, or did you try to mean you are not able to share the project with the user (the user is not able to see the shared project at their end)? Correct me if I understood you incorrectly. Please also feel free to let us know the server you are on.
We have many projects and shared only a few of them with that user. However, the user can’t see at least one project shared and can see more than one project we didn’t share. Clearer?
We just discovered a strange detail: The respective user seems to have added the username of the project owner to the URL. Is this a trick, users can apply to get more access then defined in Settings/Sharing??
@york_rff, OK, I now get your point. That is not the appropriate way to configure the URL. This post discussed previously should also help you solve your issue:
Actually, it seems that this really was the problem – we hear that removing the project owner’s user name from the URL results in the normal behaviour (i.e. showing all and only the forms the user is meant to see).
However, this looks like a notable weakness in the roles and permissions functionality of kobotoolbox. Just too easy to get access to forms a user is not assigned to. @Kal_Lam, don’t you think so?
@york_rff, yes that way of configuring the URL is okey if you are collecting data from only one account (and that account is an admin account) where you would not like to share the login credentials with the enumerators.
However the downside of that approach is that the enumerators would be able to get all the blank forms from the account (if there would be multiple deployed projects).
With “that way of configuring” you mean to add the admin user name to the URL but still use a different name as user? What should this be good for (so good that it is worth to compromise the whole user restriction feature, because now anyone who finds out the admin users name [but not his password] can bypass the filters and see all other forms)?
