Inside any " Tracked entity type" you can assign “Tracked entity type attributes”. What is the real purpose of this? Programs use its own Program tracked entity attributes (stage 3).
It seems some confusing, to have Programs enrolled to Tracket Entity Types and “reveice attributes” from the Track Entity Type and also at the same time from the Program itself (stage 3).
Tracked Entity Attributes are supposed to represent attributes that are common between all programs, for example name, date of birth, address, etc.
A major difference between these way of assigning attributes (Either to the Tracked Entity Type or the Program) is how they are treated by the API. Attributes assigned to a Tracked Entity Type will be available for all users who can access the tracked entity instance, while attributes assigned to a program can be hidden behind the sharing for the program, or by a recently introduced feature called “breaking the glass”.
You can configure a program to use this “breaking the glass” feature, which makes users have to request permission (by giving a reason for access) to be able to see the attributes in that program, if they dont have full access to the program already.
It gets a bit complicated, but you can think of it like this:
Tracked Entity Type Attributes should not be sensitive information, since it is available to anyone who can see the tracked entity instance
Tracked Entity Program Attributes can be hidden away from users if they dont have high enough access.
I just want to flag that there’s a serious bug which prevents metadata for TET attributes from importing into 2.30 (and presumably all versions thereafter) - see [DHIS2-6133] - Jira.
This has made deploying programs that use TET attributes quite problematic, so I’d suggest you avoid using them until this bug is resolved; you can just configure all attributes at the program level, rather than at the TET level.
(Or @viet , is this bug fixable in the near future? It’s been open since February this year.)