Tracked Entity Attributes are supposed to represent attributes that are common between all programs, for example name, date of birth, address, etc.
A major difference between these way of assigning attributes (Either to the Tracked Entity Type or the Program) is how they are treated by the API. Attributes assigned to a Tracked Entity Type will be available for all users who can access the tracked entity instance, while attributes assigned to a program can be hidden behind the sharing for the program, or by a recently introduced feature called “breaking the glass”.
You can configure a program to use this “breaking the glass” feature, which makes users have to request permission (by giving a reason for access) to be able to see the attributes in that program, if they dont have full access to the program already.
It gets a bit complicated, but you can think of it like this:
- Tracked Entity Type Attributes should not be sensitive information, since it is available to anyone who can see the tracked entity instance
- Tracked Entity Program Attributes can be hidden away from users if they dont have high enough access.
Hope this clears it up a little bit!