You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
People with orgUnit constraints should only be able to perform the read operation on datasets not assigned to an orgUnit.
We currently allow people with the orgUnit constraint to perform any granted permissions on datasets not assigned to an orgUnit.
This use case is to grant public users read access to some public datasets.
However, it might potentially allow users from other departments who has been granted edit/update permission to edit / update the datasets.
To solve this issue, we will alter the rule in the policy that only allows read permission can be granted to other users via permissions with the orgUnit constant.
Technical Notes
This change won't stop a non-admin user to set a dataset to a public dataset as he should still have the update permission via permission with ownership constraint
Once the dataset's orgUnitId is set to empty, users who has only permission orgUnit constraint within the same department as the creator will lose the update / delete permission. If the creator still want to share the update / delete permission within his department, he can create an access group.
The text was updated successfully, but these errors were encountered:
Description
People with orgUnit constraints should only be able to perform the
read
operation on datasets not assigned to an orgUnit.We currently allow people with the orgUnit constraint to perform any granted permissions on datasets not assigned to an orgUnit.
This use case is to grant public users read access to some public datasets.
However, it might potentially allow users from other departments who has been granted edit/update permission to edit / update the datasets.
To solve this issue, we will alter the rule in the policy that only allows
read
permission can be granted to other users via permissions with the orgUnit constant.Technical Notes
The text was updated successfully, but these errors were encountered: