dhis2-devs-core team mailing list archive

[Lars Helge Øverland <larshelge@xxxxxxxxx>]

Re Ola's point, I suggest we go for the option with a property on attribute
discriminating between "confidential" and not confidential attributes. Then
we can put these into separate tables and encrypt the confidential ones.
Suggest that confidential attributes are simply not available in "analysis"
reports (ie. tabular report). This will be difficult since we cannot access
this data using plain SQL anymore, and it will be a way to circumvent
security in any case. They must be available in person search of course.