Anonymization/Pseudonymization of users
While administrators and managers shall be able see on a per-campaign-basis the percentage of tests which failed and trainings which were begun/finished - they must not see the individual results of each users.
The users must not be displayed in clear text, only anonymized/pseudonomized.
Access to this individual information must only be accessible either using 4-eyes-principle authentication for this information or by creating a special administrator role which may see this kind of personally identifiable information.
We are currently considering how best to do this in a way that is effective and retains as much useful reporting functionality as possible.
Sascha Odenthal commented
Maik Lasarow commented
that would be great