
Data Access Definitions

Authorization Contexts

An Authorization Context is defined as the combination of the Participant-Groups and the Column-Groups that a specific User-Group has access to. The Authorization Context is therefore the combination of authorizations that enables a researcher to extract and decrypt exactly the data for which they are explicitly authorized.

Taking the model of the two-dimensional table, an Authorization Context defines the authorization to access and decrypt a subset of the total data collection. In the example shown in Figure 3 this is defined as (read and/or write) access to data columns 2, 4 and 5, for participants with Pseudonyms 2, 5 and 7. The Data Analyst is therefore authorized (in the case of read access) to download and decrypt the data pertaining to the marked (blue) cells. In the general case, this kind of access is based on Column-Groups and Participant-Groups.

Note that, if a User-Group gets access to multiple Authorization Contexts, this may imply access that is broader than intended: because Participant-Groups are not exclusively linked to a Column-Group within an Authorization Context, the User-Group effectively holds every combination of its Participant-Groups with its Column-Groups. Because applying such a tight link would result in a great deal of complexity for the end user, and because the incidence of such combinations is expected to be very low, the decision was made not to implement this tight linkage.

Figure 3: Authorization Context for Pseudonyms 2, 5 and 7 (✅ = authorized cell)

| Rows ↓ | Column (1) | Col (2) | Col (3) | Col (4) | Col (...) | Col (n) |
|---|---|---|---|---|---|---|
| Pseudonym (1) | | | | | | |
| Pseudonym (2) | | ✅ | | ✅ | | |
| Pseudonym (3) | | | | | | |
| Pseudonym (4) | | | | | | |
| Pseudonym (5) | | ✅ | | ✅ | | |
| Pseudonym (6) | | | | | | |
| Pseudonym (7) | | ✅ | | ✅ | | |
| Pseudonym (...) | | | | | | |
| Pseudonym (n) | | | | | | |
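The two-dimensional model above, and the widening described in the note when a User-Group holds several Authorization Contexts, as an added example that is not part of the original page or the project's code. The group names and pseudonym numbers are constructed; the first context mirrors Figure 3 (Pseudonyms 2, 5, 7 against columns 2, 4, 5).

```python
"""Added example (not the project's own code): model Authorization
Contexts as sets of (pseudonym, column) cells and measure how much
broader access becomes when a User-Group holds several contexts whose
Participant-Groups are not tightly linked to their Column-Groups.
All group names and pseudonym/column numbers are constructed."""
from itertools import product

# Constructed Participant-Groups and Column-Groups.
PARTICIPANT_GROUPS = {
    "cohort-a": {2, 5, 7},   # the pseudonyms of Figure 3
    "cohort-b": {3, 4},
}
COLUMN_GROUPS = {
    "questionnaire": {2, 4, 5},  # the columns of Figure 3
    "imaging": {1, 6},
}

def context_cells(participant_group, column_group):
    """Cells (pseudonym, column) one Authorization Context grants:
    the rectangle Participant-Group x Column-Group."""
    return set(product(PARTICIPANT_GROUPS[participant_group],
                       COLUMN_GROUPS[column_group]))

def intended_cells(contexts):
    """Union of the rectangles: what each context was meant to grant."""
    return set().union(*(context_cells(p, c) for p, c in contexts))

def effective_cells(contexts):
    """Without a tight participant/column link, a User-Group effectively
    holds all of its Participant-Groups combined with all of its
    Column-Groups, i.e. the bounding rectangle of all its contexts."""
    participants = set().union(*(PARTICIPANT_GROUPS[p] for p, _ in contexts))
    columns = set().union(*(COLUMN_GROUPS[c] for _, c in contexts))
    return set(product(participants, columns))

def overgrant(contexts):
    """Cells reachable only because of the loose linkage; a reviewer
    granting a second context to a User-Group should inspect these."""
    return effective_cells(contexts) - intended_cells(contexts)

if __name__ == "__main__":
    single = [("cohort-a", "questionnaire")]
    print("one context widens access by", len(overgrant(single)), "cells")
    two = [("cohort-a", "questionnaire"), ("cohort-b", "imaging")]
    print("two contexts widen access by", len(overgrant(two)), "cells:")
    print(sorted(overgrant(two)))
```

With a single context the effective and intended sets coincide; with two disjoint contexts the User-Group additionally reaches cohort-a's imaging columns and cohort-b's questionnaire columns, which is exactly the broader-than-intended access the note warns about.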