Surveys contain valuable, and sometimes sensitive, information. It’s therefore essential to restrict access to certain parts of surveys to those who really need it, in order to do their jobs. This works by assigning users with specific roles which only allow access to designated areas and functionality.
Roles and rights
Nfield surveys incorporate a number of default roles: Domain Administrator, Power User, Regular User, Scripter, Supervisor, Limited User and Quota Manager. Each of which allows an appropriate scope of access.
For example, Scripters can create questionnaires and publish surveys for testing purposes. But cannot publish surveys to go live, send out email invitations or access survey data.
By default, each role is granted their access rights for every survey within a domain. But there might be reasons to also restrict which surveys each user can access.
For example:
- If you have any surveys classified as highly confidential.
- If you are working with competing clients (Cola Cola vs Pepsi).
- If you want to allow a client to access real time quota progress.
How to specify individual access rights
Nfield survey access rights can be customized to fit your needs. This requires API implementation and is an add-on to your Nfield subscription.
To explain the set-up, we need to look at how Survey Groups work.
A Survey Group is a container for surveys in which users are assigned their access. By default, existing and newly created surveys are put under the Default Survey Group, so your existing and newly created users are given the access specified in this Default Survey Group.
To demonstrate, let’s say you have a survey about Cola, which is highly confidential and access must therefore be restricted to an individual Scripter. This would need to be set up as shown below, with a new container called “Survey Group Cola” that contains this Cola Survey and only specifies access to your designated Scripter.
In terms of API calls, this breaks down into the following steps:
| Step | API call |
| 1) Create the group “Survey Group Cola”. | POST v1/SurveyGroups |
| 2) Move the Cola survey from “Default Survey Group” to “Survey Group Cola”. | PUT v1/Surveys/{surveyId}/SurveyGroup |
| 3) Assign the Scripter to “Survey Group Cola”. | PUT v1/SurveyGroups/{surveyGroupId}/AssignLocal |
| 4) Unassign the Scripter from “Default Assignment”.* | PUT v1/SurveyGroups/{surveyGroupId}/UnassignLocal |
*remarks: One user can be assigned to multiple survey groups. So you may skip this step to keep the default survey group access according to your wish.
The following illustration demonstrates this using Postman for executing the API calls.
Putting you in control
As described in ISO 27001, “Put simply, access control is about who needs to know, who needs to use and how much they get access to.” It’s something people are always talking about on our own work floor. This Nfield feature gives you the control you need to restrict access to survey rights as appropriate, to safeguard data security while enabling people to do their jobs.
