Row-Level Permissions

Last updated: 15 Feb 2022

The row-level permissions are an extension of the existing permissions features and allow project owners to create four different levels of permissions for a shared project. To find this functionality, simply go to project SETTINGS and click on the Sharing section. You will see a screen as shown below.

image

As of August 2021, the management of project permissions has been extended to allow for a total of four row-level access permissions that include:

Row-level permission

Description

View submissions only from specific users

View data submitted by a subset of defined data entry users.

Edit submissions only from specific users

Edit data submitted by a subset of defined data entry users.

Delete submissions only from specific users

Delete data submitted by a subset of defined data entry users.

Validate submissions only from specific users

Validate data submitted by a subset of defined data entry users.

Please note that some permissions imply others. For example, if Alice has Edit submissions only from specific users only for Bob, then this implies that Alice also has View submissions only from specific users for Bob.

Configure your Account Settings:

Before configuring project sharing, you will need to open your ACCOUNT SETTINGS and toggle the checkbox Require authentication to see forms and submitted data. If this configuration is left unchecked, setting row-level permissions will not work as expected.

image

Managing Row Level Permissions:

In this example, three user accounts are presented to demonstrate how the feature works. kalyan1 represents the admin or owner of the survey project (as seen in the previous images). kalyan2 and kalyan3 represent different users receiving permissions. Require authentication to see forms and submitted data has been checked for kalyan1.

View submissions only from specific users:

kalyan1 can share row-level permissions with kalyan2, where they can view submissions made from kalyan2.

Row-level permissions can also be set for kalyan3 such that they can only view submissions made by kalyan2.

Edit submissions only from specific users:

In this case, kalyan1 can share row-level permissions with kalyan2, where they can view and edit submissions made from kalyan2.

As with view permissions, the same can be done for kalyan3 to only view and edit submissions from kalyan2.

Delete submissions only from specific users:

In this case, kalyan1 can share row-level permissions with kalyan2, where they can view and delete submissions made from kalyan2.

The same can be done for kalyan3 to only view and delete submissions from kalyan2.

Validate submissions only from specific users:

In this case, kalyan1 can share row-level permissions with kalyan2 where they can view and validate submissions made from kalyan2.

The same can be done for kalyan3 to only view and validate submissions from kalyan2.

Troubleshooting:

Scenario 1:

You may come across this dialogue box (as shown in the image below) when submitting data with the Require authentication to see forms and submitted data option checked in KoboToolbox.

image

Enter your KoboToolbox login credentials and, if the account has Add submissions permission, you will be able to submit data to the server.

Note that it’s advised not to share your admin login credentials when managing your project for data security. You can create multiple enumerator accounts and share those credentials with your team.

Scenario 2:

To set the view, edit, delete and validate row-level permissions correctly on submissions from a subset of users, the Require authentication to see forms and submitted data option must be checked before data is collected. Otherwise only data collected after this option is checked will be restricted as expected.