When an ArcGIS Survey123 form is created, by default users are able to add, update and query existing data. When survey forms are shared publicly, it is possible to access the REST endpoint of the feature service, which in turn, permits access to the survey responses. The survey responses may contain sensitive or personal information that must be hidden.
Survey123 forms can be shared publicly without permitting access to the submitted responses in the survey by configuring the settings in Survey123 Web Designer.
When surveys are created from the Survey123 website, a new folder with the survey form and a hosted feature layer is created in ArcGIS Online. When the survey is shared publicly, the Form view (formerly known as Fieldworker) is shared automatically, but the hosted feature layer is not shared in ArcGIS Online.
However, for the surveys published from Survey123 Connect, the Form view must be created manually. Refer to How To: Create the Form view for surveys published in ArcGIS Survey123 Connect for more information. The export capability of the Form view layer is disabled by default and the update capabilities are determined by the survey settings configured under Collaborate tab in Share survey section. is enabled .
Note: To manage the sharing and editing settings for a survey, using the Collaborate tab in the Survey123 website is recommended and it is not recommended to change the feature layer or view layer settings directly from the Settings tab in the Item Details page in ArcGIS Online content to ensure that the desired sharing/editing setting for the survey are properly configured.
For example, in the image of the Web Designer below, if Add and update records (read access enabled) is selected under What can submitters do?, the editing settings of the Form view layer are adjusted accordingly. Since the update capability is enabled, the Editors can't see any features, even those they add option for What features can editors see? in the Settings tab in ArcGIS Online cannot be selected.
With the update capability enabled, although the Editors can only see their own features (requires tracking) option is checked, public users can view all the responses submitted by anonymous users by querying the survey's view layer. This is because public users do not have ArcGIS Online accounts, and they cannot be tracked. However, public users cannot access responses submitted by users with ArcGIS Online accounts.
To restrict public user access to submitted responses, check the Only add new records for What can submitters do? under Collaborate tab, and check the Editors can't see any features, even those they add check box under the What features can editors see? setting in ArcGIS Online. This is shown in the next image.
With these settings, public users can access the REST endpoints but do not have the query or update capability, and the Create Replica operation is not supported because the Export option is disabled for the layer view. The image below displays a comparison of the supported operations for the owner and a public user when accessing the REST endpoint of the Form view layer, and shows that public user cannot access the Query, Append, or Create Replica operations.
Note: To ensure the security of public survey data, use ArcGIS Online Security Advisor, a Public Survey123 Check tool that provides security awareness of the ArcGIS Online organization's configuration settings and content. However, this tool is not officially supported by Esri. Refer to ArcGIS Online Security Advisor for more information.