  1. Moodle
  2. MDL-68093

Membership in some groups should be hidden from some roles for FERPA/ADA compliance (data privacy issue)


    • MOODLE_311_STABLE, MOODLE_38_STABLE, MOODLE_400_STABLE
    • MOODLE_402_STABLE
    • MDL-68093_master
    • Difficult

      The changes are covered by unit tests covering grouplib, plus behat tests in group/tests/behat/private_groups.feature to check the visibility of groups and in availability/tests/behat/private_ruleset.feature to cover availability rules.

      However, this would still benefit from manual testing, as it's possible there are still areas of the system leaking data about private groups. The instructions below cover creating groups using the new settings, and checking visibility of groups on the participants page. From there further exploratory testing can be performed.

      1. Use the test course generator (Site administration > Development > Make a test course) to generate a S-sized course.
      2. Visit the course and go to the Participants page.
      3. Select "Groups" from the jump list at the top of the page.
      4. Click "Auto-create groups".
      5. Set group/member count to 6. Leave other options default, and click "Submit".
      6. Edit any group and verify you cannot change 'Group visibility' or 'Allow activity participation'.
      7. For each group remove all group members
      8. Select Group 1 and click "Edit group settings"
      9. Set the following:
        1. Group name "Visible to all/Participation"
        2. "Visibility" should be "Visible to all", leave it as default.
        3. "Allow activity participation" should be checked, leave it as default.
        4. While you're here, check that the help text for these settings makes sense.
        5. Click save changes
      10. Edit group 2 and set the following:
        1. Group name "Visible to all/Non-participation"
        2. Leave "Visibility" as "Visible to all"
        3. Uncheck "Allow activity participation"
        4. Click "Save changes"
      11. Edit group 3 and set the following:
        1. Group name "Visible to members/Participation"
        2. Set "Visibility" as "Visible to members"
        3. Leave "Allow activity participation" checked
        4. Click "Save changes"
      12. Edit group 4 and set the following:
        1. Group name "Visible to members/Non-participation"
        2. Set "Visibility" as "Visible to members"
        3. Uncheck "Allow activity participation"
        4. Click "Save changes"
      13. Edit group 5 and set the following:
        1. Group name "See own membership"
        2. Set "Visibility" as "See own membership"
        3. "Allow activity participation" should be disabled.
        4. "Group messaging" should also be disabled.
        5. Click "Save changes"
      14. Edit group 6 and set the following:
        1. Group name "Membership is hidden"
        2. Set "Visibility" as "Membership is hidden"
        3. "Allow activity participation" should be disabled.
        4. "Group messaging" should also be disabled.
        5. Click "Save changes"
      15. Add some users to groups 1-6
      16. Log in as a student in the "Visible to all/Participation" group
      17. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation" or "Visible to all/Non-participation" for all members of those groups.
        2. You should see "No groups" for all other users.
      18. Log in as a student in the "Visible to members/Participation" group
      19. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation", "Visible to all/Non-participation", "Visible to members/Participation" for all members of those groups.
        2. You should see "No groups" for all other users.
      20. Log in as a student in the "See own membership" group
      21. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation", "Visible to all/Non-participation".
        2. You should see "See own membership" for your own user, but not for other users in the group.
        3. You should see "No groups" for all other users.
      22. Log in as a student in the "Visibility is hidden" group
      23. Visit the course's "Participants" page
        1. In the "Groups" column, you should see "Visible to all/Participation", "Visible to all/Non-participation".
        2. You should see "No groups" for all other users, including your own.
      24. Log in as admin
      25. Find a Forum activity that was generated as part of the course, and edit its settings.
      26. Set "Common module settings > Group mode" to "Visible groups"
      27. Go to the course's "Participants" page.
      28. Pick a user and add them to all 5 groups they are not currently a member of.
      29. Log in as this test user.
      30. Go to the "Visible groups" forum.
      31. Click on the "Visible groups" selector at the top of the page and check the list of options.
        1. You should see "All participants", "Visible to all/Participation" and "Visible to members/Participation" (the groups with participation == true)
        2. You should not see "Visible to members/Non-participation", "See own membership" or "Membership is hidden" (the groups with participation == false)
      32. In the Moodle app, connect to the site and log in as the user chosen in Step 25.
      33. Visit the test course and open the "Visible groups" forum.
      34. Follow steps 26-28 to confirm the same behaviour is present in the app.
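
The Participants-page expectations in steps 16-23 can be written down as a small oracle for the exploratory testing, so that any group name a page displays beyond what the viewer is entitled to see is flagged as a leak. This is an added example, not Moodle code or part of the original testing instructions; the function names, the user ids and the observed page contents are constructed for illustration, and only student viewers are modelled.

```python
from enum import Enum

class Visibility(Enum):
    ALL = "Visible to all"
    MEMBERS = "Visible to members"
    OWN = "See own membership"
    NONE = "Membership is hidden"

def may_see(vis, viewer, member, members):
    """May a student `viewer` see that `member` belongs to a group?"""
    if vis is Visibility.ALL:
        return True
    if vis is Visibility.MEMBERS:
        return viewer in members      # only fellow members see it
    if vis is Visibility.OWN:
        return viewer == member       # only on the viewer's own row
    return False                      # hidden, even from the member

def expected_column(groups, viewer):
    """Expected "Groups" column per user; an empty set means "No groups"."""
    users = set().union(*(m for _, m in groups.values())) | {viewer}
    return {u: {name for name, (vis, members) in groups.items()
                if u in members and may_see(vis, viewer, u, members)}
            for u in users}

def find_leaks(groups, viewer, observed):
    """(user, group) pairs that were displayed but should not have been."""
    expected = expected_column(groups, viewer)
    return sorted((user, name) for user, shown in observed.items()
                  for name in shown - expected.get(user, set()))

# Constructed sample: the six groups from steps 9-14 with made-up members.
GROUPS = {
    "Visible to all/Participation": (Visibility.ALL, {"s1", "s2"}),
    "Visible to all/Non-participation": (Visibility.ALL, {"s3"}),
    "Visible to members/Participation": (Visibility.MEMBERS, {"s4", "s5"}),
    "Visible to members/Non-participation": (Visibility.MEMBERS, {"s6"}),
    "See own membership": (Visibility.OWN, {"s7", "s8"}),
    "Membership is hidden": (Visibility.NONE, {"s9"}),
}

# Constructed page contents as seen by s7; the s8 row leaks a private group.
OBSERVED = {
    "s1": {"Visible to all/Participation"},
    "s7": {"See own membership"},
    "s8": {"See own membership"},
}

if __name__ == "__main__":
    for user, group in find_leaks(GROUPS, "s7", OBSERVED):
        print(f"LEAK: {user} shown as member of {group!r}")
```
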

      There is a FERPA/ADA compliance issue stemming from a design collision between the group override function and the participants page design.

      At some institutions, groups and membership in groups are used to implement accommodations for students via group override in a consistent manner (e.g. extensions to due dates, alteration to quiz time limits, etc.). Regardless of how these groups are named, the presence of students in these groups exposes their "different" status to anyone who can view this group membership.

      In at least one reported incident, this resulted in an official complaint to OCR (U.S. Office for Civil Rights https://www.hhs.gov/ocr/index.html), which has already contacted our school to follow up. This is based on default Moodle settings.

      The available workaround at this institution was to modify the default student role permissions to prohibit student access to the participants page. However, these options would be preferred (in order of preference):

      First choice:    Implement a "private" group checkbox for groups, and update the participants page to omit listings for groups flagged as private. Also recommended: force access restrictions based on private groups to be completely hidden (i.e. not greyed out w/ restriction condition listed) Also omit private groups from the filter except for teacher, manager, and admin roles (if this could come into effect anywhere).

      Second choice:   Update the participants page to omit group membership (this seems much less ideal since looking up your own group membership and who else is in your group seems to be a design goal of this page).

      Third choice:   Update the default student role permissions so that students cannot see the participants page by default. This is not optimal for a number of reasons.

       

        1. (I) Passed -- (Master)MDL-68093.png (239 kB)
        2. 68903mobileapp.jpg (345 kB)
        3. checkbox ticked while being non-editable.png (10 kB)
        4. Existing help text.png (199 kB)
        5. Group_shows_to_ students_in_Forum.png (168 kB)
        6. Group_shows_to_ students_in_Participant_filters.png (155 kB)
        7. group membership visibility.png (14 kB)
        8. groups.png (101 kB)
        9. MDL-68093 design doc.pdf (33 kB)
        10. Private Groupings Mockup.png (174 kB)
        11. private groups.gif (72 kB)
        12. private groups-1.gif (72 kB)
        13. private groups-2.gif (22 kB)

            Votes: 31
            Watchers: 44
            Time Spent: 2 days, 7 hours, 6 minutes