Restricting Access to Data Collection Instruments (DCIs)

Recall that the DCIs you create in Oracle Clinical are the CRFs that users work with in the RDC application. You can limit which DCIs a users can access when they are working in RDC.

To limit DCI access, you can:

Specify the limits by user role and by study.
Specify the limits in inclusive or exclusive terms. In other words, you can specify which DCIs to include and which DCIs to exclude.

You first specify the default DCI Access at the installation level. For each user role, you define access as:

UNRESTRICTED (that is, all DCIs are visible to the user). If you do not define any exceptions to this unlimited access, the level of access depends upon privileges granted to the user at the study and site level.
RESTRICTED (that is, no DCIs are visible to the user).

Once you define the default DCI access, you can override these settings at the study level. For any user role, you can specify a list of DCIs that the user can access (an INCLUSION list) or cannot access (an EXCLUSION list).

For more information, see:

Parent topic: Securing Remote Data Capture

Changing the Default Access to DCIs

RDC includes a default set of user roles. For each user role, Oracle Clinical sets the default value for DCI access to UNRESTRICTED. In other words, all users can access all DCIs regardless of user role. You use the Maintain DCI Access by Role form to limit the DCIs a user can access.

Caution:

If you create a new user role but do not specify a default value for DCI access, users assigned to that role cannot log in to the RDC application. You must define the default access to DCIs for every user role you plan to assign.

The default DCI access specification applies to both production mode and test mode.

Before you can change the default DCI access for a user, the user role must exist (must be valid). You cannot change the default DCI access if the user role does not exist.

To define the DCI access for a user role:

Open Oracle Clinical.
Navigate to Admin and then select Users and Roles.
Select Default DCI Access by Role.
Alternatively, you can select one of the following menu options depending upon your administrator privileges and current task:
- Select Test Default DCI Access if you want to try out DCI access before implementing the feature in a live study.
- Select Query Default DCI Access by Role if you only want to view the current settings but make no changes.
Enter a valid user role in the User Role field. You can:
- Type the name of a valid user role into the field.
- Click the List of Values button, and then select a user role from the list. The list includes all the user roles currently defined in the USER GROUP ROLES installation reference codelist.
Enter the default DCI access for the selected user role. Valid entries are:
- UNRESTRICTED — Allows study/site access to all DCIs unless otherwise restricted in the DCI Access form for the study.
- RESTRICTED — Does not allow access to any DCIs unless you specify exceptions in the DCI Access form for the study.
You can type a valid entry directly into the field. Alternatively, you can click the List of Values button, and then select from the list.
Continue to enter each user role and the type of DCI access allowed.
Save your changes.

For each record in the Maintain Default DCI Access by Role form, Oracle Clinical creates and maintain an audit trail.

Upon initial entry to the form after an upgrade, Oracle Clinical populates the form with all the user roles defined in the USER GROUP ROLES reference codelist. For each user role, the Default DCI Access field is set to UNRESTRICTED. You must add any new user roles that you create.

Parent topic: Restricting Access to Data Collection Instruments (DCIs)

Defining DCI Access within a Study

After you define the default DCI access for a user role, you can refine the access on a study-by-study basis. You define exceptions to the default DCI access. For example:

You can define one or more specific DCIs that users with the selected role cannot access. When you exclude a DCI, you can also specify whether the user role does not see the DCI at all or whether the user role can open the DCI in browse mode only.
You can define one or more DCIs that users with the selected role can access. When you include a DCI, you can also specify whether the user role can open the DCI with the default study/site privileges or with browse only privileges.

If a user does not have access to a study based on the defined study-level or site-level access, the Study DCI Access does not provide the user with access to the DCI or to the study.

For more information, see:

Parent topic: Restricting Access to Data Collection Instruments (DCIs)

Opening the Maintain Access to DCIs within Study Form

The following table describes the various ways that you can open the Maintain Access to DCIs within Study form:

If you want to…	For this mode…	Open Oracle Clinical and navigate to…
Define DCI access for a study	Production	Definition, DCIs, DCI Access
View the DCI access for a study	Production	Definition, DCIs, Qry DCI Access
Define DCI access for a study	Test	Definition, Test a study, DCI Access

Parent topic: Defining DCI Access within a Study

Defining Inclusions and Exclusions for DCI Access

To define the DCI access for a study:

Open Oracle Clinical.
Navigate to Definition, DCIs, and then select DCI Access.
Enter the name of the study for which you want to define DCI access. Oracle Clinical opens the Maintain Access to DCIs within Study form.
Enter a valid user role in the User Role field. You can:
- Type the name of a valid user role into the field.
- Click the List of Values button, and then select a user role from the list. The list includes all the user roles currently defined in the USER GROUP ROLES installation reference codelist. Note that the list also displays the default access.
Enter the DCI List Type for the selected user role. Valid entries are:
- INCLUSION — Indicates that the user role will be able to access only the DCIs listed in the DCI Name column. The user role has no access to unlisted DCIs.
- EXCLUSION — Indicates that the user role cannot access the DCIs listed in the DCI Name column. All other DCIs are accessed according to the user's study/site privileges.
You can type a valid entry directly into the field. Alternatively, you can click the List of Values button, and then select from the list.
Click the DCI Name field and then enter the name of the DCI that you are including or excluding.
Alternatively, you can leave the DCI Name column empty. An empty DCI list is interpreted differently, depending on whether you are defining an INCLUSION or EXCLUSION list.
- If the DCI List Type is set to INCLUSION and the DCI Name column is empty, then the user has access to no DCIs for this study. Use this approach when the default DCI access for the user role is UNRESTRICTED, but for a specific study the user role has access to no DCIs.
- If the DCI List Type is set to EXCLUSION and the DCI Name column is empty, then the user has access to all DCIs for this study. Use this approach when the default DCI access for the user role is RESTRICTED, but for a specific study the user role has access to all DCIs.
Note:
For individual users, you usually define the same access with study security.
Click the Access field and then enter the type of access to allow for this DCI. Your options vary depending on whether you are including or excluding access to the DCI.
If the DCI List Type is set to INCLUSION, you can select:
- Default study/site privileges — Indicates that the DCI is accessed according to the user's study/site privileges.
- Browse — Indicates that the user role can open and view the DCI only in browse mode.
If the DCI List Type is set to EXCLUSION, you can select:
- None — Indicates that the user role cannot access the DCI.
- Browse — Indicates that the user role can open and view the DCI only in browse mode.
Continue to define the DCIs that this user role can access (include and exclude). Save your changes when you are finished.

Parent topic: Defining DCI Access within a Study