The principle of least privilege (PoLP) refers to an information security practice of restricting a user to the minimum levels of access and/or permissions they need to perform their job. For example, a data entry user should not have permission to export data.
When implemented thoughtfully, the principle of least privilege (also referred to as the principle of minimal privilege or the principle of least authority) strikes a balance between 1) the usability of a software application, by simplifying how the user interacts with the software and reducing the impact of human error, and 2) the implementation of security protections, by enforcing safeguards to protect critical data, configuration settings and critical components of the software's operational performance.
Applying the principle of least privilege in the context of a REDCap project is critical to 1) maintaining the integrity and validity of the project build, 2) preventing data quality and data loss issues, and 3) helping users comply with regulatory requirements and OHSU security and privacy policies.
In practical terms, to apply the principle of least privilege means the project point person uses the project's User Rights module to assign each user permission to only the tools or modules they need to perform their job as it relates to their responsibilities for that particular REDCap project.
Considerations
1: Consider the activities, in the list below, that are typically involved in collecting data for a research study:
- Data entry
- Data monitoring/data collection monitoring
- Data clean up
- Data analysis
- Developing and/or managing the tool or tools for data collection, in this case a REDCap project.
2: Consider the commonly used REDCap modules or tools in relation to the data collection activities listed above.
Activity | REDCap Modules/Tools/Functionality
---|---
Data entry |
Data monitoring |
Data clean up |
Data analysis |
Developing and/or managing the REDCap project |
3: Consider institutional security and privacy policies and regulatory requirements, such as:
- All users must be listed on the protocol.
- All users must be up-to-date with trainings required by the institution, such as CITI trainings, Security and Privacy training, HIPAA training, etc.
- Users are responsible for the data they download/export. If the data download/export includes protected health information (PHI) or any other type of restricted information, the user must be up-to-date with the institution’s security policies that define which devices are secure and in compliance for receiving/storing the restricted data.
- Sharing user accounts or sharing passwords is prohibited by institutional security policies.
4: Consider which users have completed trainings related to REDCap.
- Users assigned Project Design and Setup permissions should have completed our Basics training.
- Users assigned Survey Distribution permissions should have completed our Survey training.
Best Practices
- User management is an ongoing activity and the project point person should monitor users assigned to the project and permissions assigned to each user.
- If a tool or module is not used by anyone, do not give anyone permission to that tool.
- No more than 2 users (the project point person and their back-up) should be assigned Project Design and Setup permissions.
- No more than 3 users (the project point person, their back-up, and another user with REDCap training) should be assigned User Rights permissions.
- Don't leave the permission to rename and delete records enabled for any user.
  - Renaming a record means editing the record id.
  - Leaving these permissions enabled by default elevates the risk of inadvertent data loss from a user accidentally deleting a record or editing the record id to be the id assigned to another participant.
  - To delete or rename a record, enable the appropriate permission, delete or rename the record, and then immediately disable the permission.
- If more than one user will be performing the same activities, such as data entry, create a role for that activity rather than configuring each user's permissions individually.
- Centralize survey distribution so no more than 3 users (the project point person and up to 2 other staff helping manage survey distribution) are assigned Survey Distribution permissions.
- Remove users from your project when they leave the project team.
- Only a user with Basics and Survey training, and up-to-date with the wiki training for e-consent, should edit an e-consent survey.
- Use Data Access Groups (DAGs) if you are collecting data at more than one study site.
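As an added example (not REDCap's or OHSU's own code), the script below audits a project's user-rights export against the caps and the rename/delete rule in the list above, so the point person can run it as part of ongoing user management. The sample records are constructed; the field names design, user_rights, manage_survey_participants, record_rename and record_delete are assumed to match the REDCap API "Export Users" output and should be checked against your REDCap version.

```python
import json

# Caps from the Best Practices list above: (API field, cap, label in the User Rights module).
# Field names are assumed to match the REDCap API "Export Users" output.
CAPPED_PERMISSIONS = [
    ("design", 2, "Project Design and Setup"),
    ("user_rights", 3, "User Rights"),
    ("manage_survey_participants", 3, "Survey Distribution"),
]
# Permissions that should stay disabled until the moment they are needed.
DISABLED_BY_DEFAULT = [("record_rename", "rename records"), ("record_delete", "delete records")]

# Constructed sample export for a hypothetical project (not real users or real data).
SAMPLE_USERS_JSON = """[
 {"username": "pointperson", "design": 1, "user_rights": 1, "manage_survey_participants": 1, "record_rename": 0, "record_delete": 0},
 {"username": "backup",      "design": 1, "user_rights": 1, "manage_survey_participants": 1, "record_rename": 0, "record_delete": 0},
 {"username": "coord1",      "design": 1, "user_rights": 1, "manage_survey_participants": 1, "record_rename": 0, "record_delete": 1},
 {"username": "entry1",      "design": 0, "user_rights": 0, "manage_survey_participants": 0, "record_rename": 1, "record_delete": 0},
 {"username": "entry2",      "design": 0, "user_rights": 1, "manage_survey_participants": 1, "record_rename": 0, "record_delete": 0}
]"""


def granted(user, field):
    """True if the permission is on; accepts JSON ints and CSV-style '0'/'1' strings."""
    return bool(int(user.get(field, 0) or 0))


def audit_user_rights(users):
    """Return a list of human-readable findings; an empty list means no violations."""
    findings = []
    for field, cap, label in CAPPED_PERMISSIONS:
        holders = sorted(u["username"] for u in users if granted(u, field))
        if len(holders) > cap:
            findings.append(f"{label}: {len(holders)} users exceed the cap of {cap}: {', '.join(holders)}")
    for u in users:
        for field, action in DISABLED_BY_DEFAULT:
            if granted(u, field):
                findings.append(f"{u['username']} can {action}; enable only for the task, then disable")
    return findings


def load_and_audit(raw_json):
    """Parse an Export Users JSON response (string) and audit it."""
    return audit_user_rights(json.loads(raw_json))


if __name__ == "__main__":
    for finding in load_and_audit(SAMPLE_USERS_JSON):
        print("-", finding)
```

On the constructed sample the audit reports three exceeded caps plus one user who can rename and one who can delete records.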