This page explains how access to study data works in OpenClinica 4. It describes which aspects of access are configurable and how these settings interact to determine what actions users can perform on each form.
Form permissions define how users interact with forms—whether they can view, review, or edit data—while user roles define broader privileges across the study.
Together, these settings ensure that each user has the appropriate level of access to perform their study tasks securely and efficiently.
Roles and Access Overview
Base Roles
Base roles define overall permissions and default form access for common study functions (for example, Clinical Research Coordinator, Site Monitor, Data Manager).
Custom Roles
Custom roles are derived from base roles to meet study-specific requirements.
For example, a custom CRC role may have reduced permissions compared to the standard CRC role.
For details on creating and managing custom roles, refer to User Roles.
Form Categories
Form categories define how OpenClinica applies access rules to different types of forms.
Each category—Contact Forms, Tagged Forms, and Untagged Forms—follows distinct rules for visibility, permissions, and storage. Understanding these categories helps ensure that each form’s data is protected and accessible to the right users.
Contact Forms
Contact forms contain specially designated Personally Identifiable Information (PII) data.
A form is automatically treated as a Contact Form when it includes one or more fields configured to use the external value / bind::oc:external contactdata.
Forms can include both contact and non-contact data fields, but only fields using contactdata are treated as contact data for storage and access purposes.
For information on adding contact data fields to forms, refer to one of the following, depending on your method of form design:
By default:
- CRCs and Investigators can edit contact forms.
- Other roles have no access unless additional permission tags are applied.
ℹ️ Note: To add or revoke access to contact form(s) for specific roles, see the How Access to Contact Data Works section below.
If a form contains both contact and non-contact fields, only the contact fields follow the special access and storage rules described in Understanding Contact Data.
Tagged Forms
Tagged forms are forms with a manual permission tag applied in Study Designer.
These tags allow study designers to grant or restrict form access for specific roles.
For example, you can:
- Hide a form from a particular role by setting it to No Access.
- Grant Read-only, Review, or Edit access to other roles.
Access to tagged forms must be explicitly granted; as they are set to No Access by default.
For information about how to create manual permissions tags in Study Designer, refer to Permission Tags.
Untagged Forms
Untagged forms are study forms that neither contain specially designated Personally Identifiable Information (PII) data nor have manual permission tags applied.
Default access is based on the user’s base role but can be configured to one of the following levels: Read-only, Review, or Edit.
Access Levels
Different access levels are available depending on the type of form—for example, Contact Forms, Tagged Forms, or Untagged Forms.
These access levels determine what a user can do with each form, such as viewing, reviewing, or editing data.
| Access Level Availability by Form Type | ||||
| Access Level | Description | Contact Forms | Tagged Forms | Untagged Forms |
| Read-only | User can view form data but cannot edit or create queries. | ❌ | ✅ | ✅ |
| Review | User can view data and create or update queries, but not edit data. | ❌ | ✅ | ✅ |
| Edit | User can enter or update form data. | ✅ | ✅ | ✅ |
| No Access | User cannot view or open the form. | ✅ | ✅ | ❌ |
ℹ️ Notes:
While adding and updating queries is governed by your form access level, access to close queries is determined by your role permissions in addition to form access level. Closing queries is only possible in Review and Edit modes for roles that have this ability.
- For example, Monitors and Data Managers with Review or Edit access can close queries, while non-DM / non-Monitor users with Review or Edit access can only update them.
- ⚠️ Important: If a Monitor or DM does not have access to a form, the query will not be visible, and therefore they will not be able to close it.
Similarly, SDV access is determined by your role permissions in addition to form access level. SDV is only possible in Read-only, Review, and Edit modes for roles that have this ability.
Only form data access is configurable through this feature—other actions such as viewing or editing contact data outside of forms, adding participants, scheduling events, and removing records remain controlled by the role definition.
How Access to Contact Data Works
Access to contact data is intentionally limited and controlled through a combination of role permissions and form-level tags.
Default Access
By default:
- CRCs and Investigators (site-level users) can view and edit contact data entered directly in the system.
- All other users (including both site- and study-level users) do not have access.
- These defaults can be further refined by applying manual permission tags and updating form-level access settings.
Adjusting Access with Permission Tags
Use Manual Permission Tags to add or revoke access to contact form(s) for specific roles:
To adjust access:
- Apply a Manual Permission Tag to the contact form in Study Designer.
- Set the desired access level in User Role configuration: Read-only, Review, Edit, or No Access.
💡 Example Scenarios
- Restricting access:
A CRC user is responsible for completing certain study forms but should not have access to contact data.- Create a custom role based on the CRC base role.
- Apply a Manual Permission Tag to a Contact Form in Study Designer and set the CRC role access level to No Access to prevent users with that role from opening contact forms.
- Granting access:
Monitor users need to view contact forms to perform their study duties.- Apply a Manual Permission Tag to a Contact Form and set the Monitor role access level to Read-only or Review, depending on the level of access required.
⚠️ Important: If a form is both a Contact Form and has a manual permission tag, the manual tag’s access level takes precedence.
⚠️ Before Publishing a Permission Tag:
- Confirm Tag Settings: Verify the tag’s configuration to prevent unintentionally granting or denying access.
- Check User Roles: Review the User Role screen to ensure no users have been inadvertently granted or denied access to the form.
💡 Tip: Always double-check both tag settings and user roles to maintain accurate access control for all forms.
How Contact Data Is Displayed in Study Runner when Manual Tags Used
To protect participant privacy, contact data is visible only where appropriate and is masked or excluded in other views. Manual permission tags override default access to Contact Forms, but do not necessarily override access to contact data as a whole.
The table below summarizes where contact data may appear in the system, how visibility of contact forms is affected by manual permission settings, and any exceptions or special considerations for each area.
ℹ️ Note: For more information about the differences between contact data and contact forms, refer to Contact Data vs. Contact Form.
| Area | Contact Data vs Form | Manual Tag: No Access | Manual Tag: Access | Notes |
| Participant Matrix – Single Event View | Contact Data | N/A | N/A | N/A |
| Contact Form | ❌ No | ✅ Yes | When a user has no access to a contact form via manual permissions, they will see the form status icon in the Participant Matrix Single Event View, but not be able to view / edit the form. | |
| Participant Details Page – General Information section | Contact Data | ⚠️ CRC/ Investigator | ⚠️ CRC/ Investigator | Certain contact information (for example, Email, Mobile) may display based on study configuration for CRCs and Investigators only. This cannot be overridden by manual permission tags. |
| Contact Form | N/A | N/A | N/A | |
| Participant Details Page – Visits Section | Contact Data | ❌ No | ✅ Yes | Visible within form for users with access. |
| Contact Form | ❌ No | ✅ Yes | Form cards are visible and forms are available to open when the user has read-only, review or edit access. | |
| Queries Page / SDV Page | Contact Data | ❌ No | ❌ No | Contact data cannot be queried or source data verified, and therefore is not present. |
| Contact Form | ❌ No | ✅ Yes | Visible if access granted via manual permission tag. | |
| PDF Casebooks | Contact Data | ❌ No | ❌ No | Contact data is present in the form details but masked for privacy for all users, regardless of form permissions. |
| Contact Form | ❌ No | ✅ Yes | Form data will be present if the user has access to the form via manual permission tag. | |
| Clinical Data Extracts and ODM-XML/JSON Casebooks | Contact Data | ❌ No | ❌ No | Contact data is present in the participant audit details, but masked for privacy, regardless of form permissions. |
| Contact Form | ❌ No | ✅ Yes | Form data will be present if the user has access to the form via manual permission tag. | |
| Clinical Data API | Contact Data | ❌ No | ❌ No | If audit data is included in the API response, the contact data is present but masked for privacy, regardless of form permissions. ℹ️ Note: Contact data is available through the Contact Data API only to CRCs and Investigators. For more information, refer to Retrieve Participant Contact Information. |
| Contact Form | ❌ No | ✅ Yes | Form data will be present if the user has access to the form via manual permission tag. | |
| Participant Audit Log | Contact Data | ⚠️ CRC/ Investigator Only | ⚠️ CRC/ Investigator Only | Visible only to CRCs and Investigators in the participant section. Masked for all other users, regardless of form permissions. |
| Contact Form | ❌ No | ✅ Yes | Form data will be present if the user has access to the form via manual permission tag. | |
| Consent | Contact Data | ❌ No | ✅ Yes | Available to view when the user has read only, review or edit access via manual permission tag. |
| Contact Form | ❌ No | ✅ Yes | Available to view when the user has read only, review or edit access via manual permission tag. | |
| Attestation | ❌ No | ⚠️ CRC/ Investigator Only | Contact data visible only to CRCs and Investigators. Masked for all other users with access. | |
| Insight | Contact Data | ❌ No | ❌ No | Contact data is not passed to Insight. |
| Contact Form – RLS enabled | ❌ No | ✅ Yes | Form data will be visible in Insight (and controlled via manual permission tag if RLS [row-level security permission syncing] is enabled). | |
| Contact Form – No RLS | ✅ Yes | ✅ Yes | Form data will be visible in Insight if RLS (row-level security permission syncing) is not enabled since permissions are managed separately in Insight in that case. |
Security and Privacy Safeguards
- Icons and Visual Indicators
Contact forms display a contact data icon, and tagged forms display a permission tag icon. These help you identify sensitive forms at a glance. - Data Masking
Contact data is always masked in exports (ODM XML, ODM JSON, and PDF Casebooks). - Audit Logs
Only CRCs and Investigators can view contact data in the participant section of the audit log. Other users see masked values, including when audit data is exported. - Role Reference
The Contact Form Edit privilege is displayed on the User Roles page for transparency.