Event participants are pseudonymized for any users when participants have previously been entered. Newly added participants seem to be excluded from that.
SORMAS version: 1.48.1/1.48.0


Android version/Browser: Chrome, Firefox
Additional discussions regarding how the Jurisdiction check is applicable to Event Participants are needed.
The only Jurisdiction policy implemented was Event Participant was accessible to Reporting User (user who created the Event Participant).
Currently, this policy is disabled due to the limitations it has.
@bernardsilenou
Discussed with HZI: All users of a SORMAS instance (Gesundheitsamt) can see all data which belong to an event participant and the whole event participant list. If some of the users within one Gesundheitsamt should not see the person's data, they can handle this with the roles & rights management.
@bernardsilenou We need a clear chain of "responsibilty" for the event participant that defines who can fully access it.
Our suggestion is as follows:
Would this make sense? Or is there a need to separate the responsible district from the district of the persons address / event location?
Dear All,
The challenge i can see here is that if the district of the home address of the event participant person is not missing, and the reporting user of the event participant has another district, then we would have a situation where users create an event participant and after it sync with the db, their colleagues (surveillance officers) will not be able to see personal data of the entity they just created. This will also prevent them from making corrections.
For cases and contact, seudonimazation do not currently hold when the reporting user has a different district from that of the responsible district. The reporting user always see the personal data. I think we should use the same logic for event participants. Here are the suggested changes:
We can go with a similar logic we uses when a contact is not in the district of the case.
We can use the district of the event as default and users can later change it to the district of the address of the person. I discussed with Kay we realized using the address of the person as default may not be optimal because the officer at the district of the event should deliberately assign the event participant to another district.
Another issue i can think of is the fact that we block confidential data from users who do not have the user role account in the district of the EP. We also make events public and every user can add an event participant. A simple way to test is a person is in an event it just to create the EP and duplicate detection of EP will validate it, see image attached. We also need a solution for this.
I will discuss with the team and come up with a final solution by tomorrow.
@bernardsilenou Thanks for your reply.
Splitting the UI for event participant and the event participant person makes sense, but should not be part of this issue.
Always giving the reporting user access to the event participant makes sense. Actually we already have this information, but aren't displaying it yet.
I'd suggest to not add responsible region/district/community to the event participant at this point, to keep it simple for the user.
Instead we could give the following users full access to the event participant
Also we should display the reporting user in the UI of the participant, similar as we are doing it for cases and contacts.
@MartinWahnschaffeSymeda I have a meeting to discuss this with him today and hope to have a toms up. I will comment soon
@MartinWahnschaffeSymeda We can go with your solution with this minor adaptation. The goal is to give only one jurisdiction the right to edit the ep data at any time and also allow the jurisdiction of the event to be able to share the ep entity to another jurisdiction (not only jurisdiction of the address of the ep person) and by doing that loose writing right to the ep entity.
We give the following users full access to the event participant:
In other words:
@MartinWahnschaffeSymeda @MateStrysewske @markusmann-vg do you agree with this? is there something missing?
So the todos would be:
@bernardsilenou Please double check that I got you right.
@MartinWahnschaffeSymeda Thanks for the excellent summary, I have minor comments:
So the todos would be:
- [ ] add fields for responsible region and district to the event participant
- [ ] display reporting user in event participant form
- [ ] reporting user should always have full access
condition that the region/district of reporting user == responsible region/district of ep
if region/district of reporting user != responsible region/district of ep, then reporting user should have only read access. This condition would help that when reporting user in not in the jurisdiction of the event, they would be forced to assign their jurisdiction when adding the ep to the event
- [ ] when no responsible region/district is defined, users in the jurisdiction of the event have full access
- [ ] when a responsible region/district is defined, users in the jurisdiction of the event have only read access
if responsible region/district of ep is defined and != jurisdiction of the event, users in the jurisdiction of the event only read access
- [ ] users in the responsible region/district have full access
- [ ] All other users only have pseudynomized read access
if region/district of reporting user != responsible region/district of ep, then reporting user should have only read access. This condition would help that when reporting user in not in the jurisdiction of the event, they would be forced to assign their jurisdiction when adding the ep to the event
@bernardsilenou That would contradict the general pattern that reporting users always have the right to edit. Otherwise the user would not be able to fix a wrong initial input (e.g. accidentally picking the wrong district).
If the goal is to make sure the responsible district is set, I would suggest the following:
@MartinWahnschaffeSymeda Thanks for the correction, Your solution is better
Most helpful comment
@bernardsilenou Thanks for your reply.
Splitting the UI for event participant and the event participant person makes sense, but should not be part of this issue.
Always giving the reporting user access to the event participant makes sense. Actually we already have this information, but aren't displaying it yet.
I'd suggest to not add responsible region/district/community to the event participant at this point, to keep it simple for the user.
Instead we could give the following users full access to the event participant
Also we should display the reporting user in the UI of the participant, similar as we are doing it for cases and contacts.