  1. Moodle
  2. MDL-68093

Membership in some groups should be hidden from some roles for FERPA/ADA compliance (data privacy issue)


Details

    • MOODLE_311_STABLE, MOODLE_38_STABLE, MOODLE_400_STABLE
    • MDL-68093_master
    • Difficult

      The changes are covered by unit tests covering grouplib, plus behat tests in group/tests/behat/private_groups.feature to check the visibility of groups and in availability/tests/behat/private_ruleset.feature to cover availability rules.

      However, this would still benefit from manual testing, as it's possible there are still areas of the system leaking data about private groups. The instructions below cover creating groups using the new settings, and checking visibility of groups on the participants page. From there further exploratory testing can be performed.

      1. Use the test course generator (Site administration > Development > Make a test course) to generate an S-sized course.
      2. Visit the course and go to the Participants page.
      3. Select "Groups" from the jump list at the top of the page.
      4. Click "Auto-create" groups
      5. Set group/member count to 6. Leave other options default, and click "Submit".
      6. Select Group 1 and click "Edit group settings"
      7. Set the following:
        1. Group name "Visible to all/Participation"
        2. "Visibility" should be "Visible to all", leave it as default.
        3. "Allow activity participation" should be checked, leave it as default.
        4. While you're here, check that the help text for these settings makes sense.
        5. Click save changes
      8. Edit group 2 and set the following:
        1. Group name "Visible to all/Non-participation"
        2. Leave "Visibility" as "Visible to all"
        3. Uncheck "Allow activity participation"
        4. Click "Save changes"
      9. Edit group 3 and set the following:
        1. Group name "Visible to members/Participation"
        2. Set "Visibility" as "Visible to members"
        3. Leave "Allow activity participation" checked
        4. Click "Save changes"
      10. Edit group 4 and set the following:
        1. Group name "Visible to members/Non-participation"
        2. Set "Visibility" as "Visible to members"
        3. Uncheck "Allow activity participation"
        4. Click "Save changes"
      11. Edit group 5 and set the following:
        1. Group name "See own membership"
        2. Set "Visibility" as "See own membership"
        3. "Allow activity participation" should be disabled.
        4. "Group messaging" should also be disabled.
        5. Click "Save changes"
      12. Edit group 6 and set the following:
        1. Group name "Membership is hidden"
        2. Set "Visibility" as "Membership is hidden"
        3. "Allow activity participation" should be disabled.
        4. "Group messaging" should also be disabled.
        5. Click "Save changes"
      13. Log in a student in the "Visible to all/Participation" group
      14. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation" or "Visible to all/Non-participation" for all members of those groups.
        2. You should see "No groups" for all other users.
      15. Log in a student in the "Visible to members/Participation" group
      16. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation", "Visible to all/Non-participation", "Visible to members/Participation" for all members of those groups.
        2. You should see "No groups" for all other users.
      17. Log in a student in the "See own membership" group
      18. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation", "Visible to all/Non-participation".
        2. You should see "See own membership" for your own user, but not for other users in the group.
        3. You should see "No groups" for all other users.
      19. Log in a student in the "Visibility is hidden" group
      20. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation", "Visible to all/Non-participation".
        2. You should see "No groups" for all other users, including your own.
      21. Log in as admin
      22. Find a Forum activity that was generated as part of the course, and edit its settings.
      23. Set "Common module settings > Group mode" to "Visible groups"
      24. Go to the course's "Participants" page.
      25. Pick a user and add them to all 5 groups they are not currently a member of.
      26. Log in as this test user.
      27. Go to the "Visible groups" forum.
      28. Click on the "Visible groups" selector at the top of the page and check the list of options.
        1. You should see "All participants", "Visible to all/Participation" and "Visible to members/Participation" (the groups with participation == true)
        2. You should not see "Visible to members/Non-participation", "See own membership" or "Membership is hidden" (the groups with participation == false)
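
The expected results in steps 13-20 and 28 can be written down as a small oracle and diffed against what a page actually renders during exploratory testing. This is an added example, not Moodle code: the user names are constructed, only student viewers are modelled, and the selector rule covers only groups the user belongs to.

```python
from dataclasses import dataclass, field

# Visibility labels exactly as they appear in the group settings form above.
ALL, MEMBERS = "Visible to all", "Visible to members"
OWN, HIDDEN = "See own membership", "Membership is hidden"

@dataclass
class Group:
    name: str
    visibility: str
    participation: bool
    members: set = field(default_factory=set)

def groups_column(viewer, subject, groups):
    """Names a student `viewer` should see in `subject`'s "Groups" cell."""
    shown = []
    for g in groups:
        if subject not in g.members:
            continue
        if (g.visibility == ALL
                or (g.visibility == MEMBERS and viewer in g.members)
                or (g.visibility == OWN and viewer == subject)):
            shown.append(g.name)
        # HIDDEN is never listed for a student, not even for themselves.
    return shown or ["No groups"]

def selector_options(user, groups):
    """Expected "Visible groups" selector entries (user's own groups only)."""
    return ["All participants"] + [
        g.name for g in groups if g.participation and user in g.members]

def leaks(viewer, rendered, groups):
    """Diff an observed page ({user: [names]}) against the oracle; return extras."""
    found = {}
    for subject, names in rendered.items():
        expected = set(groups_column(viewer, subject, groups))
        extra = set(names) - expected - {"No groups"}
        if extra:
            found[subject] = sorted(extra)
    return found

# Constructed sample data: user names are hypothetical, groups follow steps 6-12.
GROUPS = [
    Group(f"{ALL}/Participation", ALL, True, {"amy", "ben"}),
    Group(f"{ALL}/Non-participation", ALL, False, {"cal"}),
    Group(f"{MEMBERS}/Participation", MEMBERS, True, {"dee", "eli"}),
    Group(f"{MEMBERS}/Non-participation", MEMBERS, False, {"fay"}),
    Group(OWN, OWN, False, {"gus", "hal"}),
    Group(HIDDEN, HIDDEN, False, {"ivy", "jon"}),
]
```

Feed `leaks()` the group names scraped from any page under test (participants list, filters, forum selector) to flag names that a given student should not have been shown.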

    Description

      There is a FERPA/ADA compliance issue stemming from a design collision between the group override function and the participants page design.

      At some institutions, groups and membership in groups are used to implement accommodations for students via group override in a consistent manner (e.g. extensions to due dates, alteration to quiz time limits, etc.). Regardless of how these groups are named, the presence of students in these groups exposes their "different" status to anyone who can view this group membership.

      In at least one reported incident, this resulted in an official complaint to OCR (U.S. Office for Civil Rights https://www.hhs.gov/ocr/index.html), which has already contacted our school to follow up. This is based on default Moodle settings.

      The available workaround at this institution was to modify the default student role permissions to prohibit student access to the participants page. However, these options would be preferred (in order of preference):

      First choice: Implement a "private" group checkbox for groups, and update the participants page to omit listings for groups flagged as private. Also recommended: force access restrictions based on private groups to be completely hidden (i.e. not greyed out w/ restriction condition listed). Also omit private groups from the filter except for teacher, manager, and admin roles (if this could come into effect anywhere).

      Second choice: Update the participants page to omit group membership (this seems much less ideal since looking up your own group membership and who else is in your group seems to be a design goal of this page).

      Third choice: Update the default student role permissions so that students cannot see the participants page by default. This is not optimal for a number of reasons.

      Attachments

        1. Group_shows_to_ students_in_Forum.png (168 kB)
        2. Group_shows_to_ students_in_Participant_filters.png (155 kB)
        3. groups.png (101 kB)
        4. Private Groupings Mockup.png (174 kB)
        5. private groups.gif (72 kB)
        6. private groups-1.gif (72 kB)
        7. private groups-2.gif (22 kB)

            People

              marxjohnson Mark Johnson
              emdalton1 Elizabeth Dalton
              Sarah Cotton Sarah Cotton
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes: 24
              Watchers: 26

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated: 0m (Original Estimate - 0 minutes)
                  Remaining: 0m (Remaining Estimate - 0 minutes)
                  Logged: 5m (Time Spent - 5 minutes)