How to Secure Kobo Toolbox Dashboards for Sensitive Data (Power BI & Tableau)

While working on a public health project, I discovered a critical flaw: our Kobo dashboard displayed patient names and GPS coordinates publicly due to misconfigured sharing settings. After a frantic overhaul, I developed a foolproof security framework to protect sensitive field data—without sacrificing usability.

Here’s how to secure your Kobo-connected dashboards in Power BI and Tableau, covering access control, anonymization, and encryption.

Step 1: Secure the Kobo Data Source

A. Restrict Access in Kobo Toolbox

1. Form-Level Permissions:
   • In Kobo, go to Project Settings → Sharing.
   • Assign roles:
     • Viewer: Read-only access.
     • Editor: Submit/edit data.
     • Owner: Full control.
2. Disable Public Links (if sensitive):
   • Uncheck “Allow anonymous submissions.”

B. Audit Submissions

• Regularly check “Data → Logs” for suspicious exports or logins.

Step 2: Protect Data in Power BI

A. Row-Level Security (RLS)

Scenario: Clinic managers should only see their facility’s data.

1. Create roles in Power BI Desktop:
   • Modeling → Manage Roles → Create Role (e.g., “Clinic_A”).
2. Add a DAX filter: Copy[Facility_Name] = USERNAME()
3. Publish to Power BI Service and assign users to roles.

B. Anonymize Sensitive Fields

• Use Power Query to:
  • Replace names with IDs (Text.Replace([Name], ".", "USER-")).
  • Round GPS coordinates (reduces pinpoint accuracy): CopyLatitude_Anon = Number.Round([Latitude], 2)

C. Encryption & Compliance

• Enable Microsoft Purview for data classification.
• Use Sensitivity Labels to restrict copying/exporting.

Step 3: Lock Down Tableau Dashboards

A. User Filters

1. Link Tableau user emails to Kobo facilities:
   • Create a User-Facility mapping table.
2. Add a data source filter: Copy[Facility] = {FIXED [User] : MAX([UserFacilityMap].[Facility])}

B. Hide Sensitive Data

• Right-click columns → Hide (still usable in calcs but invisible).
• Use Parameter Actions to dynamically mask data (e.g., show “***” for names).

C. Secure Published Dashboards

• On Tableau Server/Online:
  • Set “View Only” permissions.
  • Enable “Download Restricted” to block exports.

Step 4: Secure Data in Transit

A. API Connections

• Always use HTTPS (Kobo’s API enforces this).
• Rotate API tokens quarterly.

B. VPN for Field Teams

• If accessing dashboards in low-connectivity areas, require VPN access.

Step 5: Audit & Monitor Access

Power BI

• Use the Audit Log (Microsoft 365 Admin Center) to track:
  • Who viewed dashboards.
  • Export attempts.

Tableau

• Check “Admin → History” for suspicious activity.

Real-World Example: Refugee Health Data

I secured a Kobo dashboard for an NGO by:

1. Anonymizing patient IDs.
2. Restricting data by camp location (RLS).
3. Auditing logs weekly.
   Result: Zero breaches despite 100+ users.

Free Resources

• Kobo Security Checklist
• Microsoft’s RLS Guide

Need a security review? DM me your dashboard setup!

P.S. What’s your biggest security worry? Public links? GPS risks? Comment below! 👇