[Catalog] Remove user data from UDF that's collected from a different subcatalog from the downloaded enrollment analytics file

Problem statement:

Currently, this is what's happening to data collected from a user that enrolls in courses listed in different subcatalogs. Here's an example.

  1. Subcatalog A admin Joe created UDF for “State”
  2. Subcatalog B admin Jane created UDF for “Workplace”
  3. Neither has access to the other’s subcatalog.
  4. Student Bob enrolls in Subcatalog A course and provided State as "KS"
  5. Student Bob also enrolls in Subcatalog B course and provided workplace as "Acme"
  6. Subcatalog A admin Joe downloads the Enrollment Analytics via Export CSV
  7. Subcatalog A admin sees student Bob’s data collected from Subcatalog B that they don’t have access to and they now have access to information that Bob’s workplace is Acme.
    1. Student Bob only provided his workplace information to Subcatalog B
    2. Subcatalog A admin has access to information they did not ask for
    3. Student Bob does not know that Subcatalog A now also knows his workplace

Our use case and internal policy is:

  • only root admins should have access to all data, regardless of where it was collected from subcatalog-wise.
  • all of our subcatalog admins are and should only be limited to information collected from their own subcatalog. They should not see information collected from another subcatalog that they’re not an admin of, even if it was a student that enrolled in their subcatalog and in somebody else’s Catalog that they don’t have access to. Limiting the collected data from UDFs in a subcatalog to that subcatalog should be how UDFs should function. When downloading the enrollment analytics file from my own subcatalog, a subcatalog admin should only see collected data from UDFs created in their own subcatalog and not somebody else's subcatalog, even if the enrollment in those different courses from different subcatalogs came from the same user.
 
Proposed solution:

Since the web view of enrollment analytics displays only UDFs and the collected info from UDFs just from that subcatalog, the downloaded enrollment analytics form should reflect that as well. Data that the subcatalog did not initiate the collection of should not display in that subcatalog admin's view.

 
User role(s):

admin

1 Comment
rpsloan
Community Participant
Author

The numbering did not retain the format so I'm putting it here:

1. Subcatalog A admin Joe created UDF for “State”

2. Subcatalog B admin Jane created UDF for “Workplace”

3. Neither has access to the other’s subcatalog.

4. Student Bob enrolls in Subcatalog A course and provided State as "KS"

5. Student Bob also enrolls in Subcatalog B course and provided workplace as "Acme"

6. Subcatalog A admin Joe downloads the Enrollment Analytics via Export CSV

7. Subcatalog A admin sees student Bob’s data collected from Subcatalog B that they don’t have access to and they now have access to information that Bob’s workplace is Acme.

7.a. Student Bob only provided his workplace information to Subcatalog B

7.b. Subcatalog A admin has access to information they did not ask for

7.c. Student Bob does not know that Subcatalog A now also knows his workplace
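
The scoping rule requested above, as an added example that is not part of the original post and not the product's own code: the CSV export builds its columns from an allow-list of UDFs owned by the requesting admin's subcatalog, with root admins exempt. The data model, names and functions are assumptions constructed to mirror the Joe/Jane/Bob scenario.

```python
import csv
import io

# Constructed sample data mirroring the scenario in the post (hypothetical model).
UDFS = {"State": "A", "Workplace": "B"}                # UDF name -> owning subcatalog
ADMINS = {"joe": {"A"}, "jane": {"B"}, "root": None}   # None marks a root admin
ENROLLMENTS = [("bob", "A", "Course 101"), ("bob", "B", "Course 202")]
RESPONSES = {("bob", "State"): "KS", ("bob", "Workplace"): "Acme"}


def visible_udfs(admin, subcatalog):
    """Return the UDF columns this admin may see when exporting `subcatalog`."""
    scope = ADMINS[admin]
    if scope is None:
        # Root admins see all collected data, per the stated policy.
        return sorted(UDFS)
    if subcatalog not in scope:
        # Deny by default: an admin cannot export a subcatalog they do not manage.
        raise PermissionError(f"{admin} is not an admin of subcatalog {subcatalog}")
    # Subcatalog admins see only UDFs created in that subcatalog.
    return sorted(name for name, owner in UDFS.items() if owner == subcatalog)


def export_enrollments(admin, subcatalog):
    """Build the CSV from allowed columns, never from every field stored for the user."""
    columns = visible_udfs(admin, subcatalog)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["user", "course"] + columns)
    for user, sub, course in ENROLLMENTS:
        if sub == subcatalog:
            answers = [RESPONSES.get((user, col), "") for col in columns]
            writer.writerow([user, course] + answers)
    return out.getvalue()


if __name__ == "__main__":
    print(export_enrollments("joe", "A"))    # no Workplace column for Joe
    print(export_enrollments("root", "A"))   # root admin sees both UDF columns
```

Because the column list is decided before any row is written, the same check applies to both the web view and the downloaded file if they share this function.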