metacatui icon indicating copy to clipboard operation
metacatui copied to clipboard

Published 20 hours ago verified publisher icon NCEAS

Share Metadata with All Authenticated Users

Open vchendrix opened this issue 5 months ago • 3 comments

Summary
Add a feature to AccessPolicyView that allows users to quickly share dataset metadata with all authenticatedUser subjects, similar to the existing Public toggle. This would enable broader but controlled sharing within the DataONE user community.

Background and Motivation
This requirement emerged from the WFSI project, where there is a need to make dataset metadata easily accessible to all authenticated users, not just the public. Currently, users can toggle between public and individual/group access, but there is no simple option for sharing with all authenticated users.

Proposed Solution

  • Add a toggle or option in AccessPolicyView labeled "Share with all authenticated users."
  • When selected, the appropriate access policy should be applied to grant read (and/or other relevant permissions) to the authenticatedUser subject.
  • UI/UX should be consistent with the existing Public toggle, making it clear who will have access when enabled.
  • Include help text or tooltips to explain the difference between "Public" and "Authenticated Users."

Questions for the Maintainers

  • Would this feature be useful for the broader MetacatUI community?
  • Are there any concerns about implementing such a toggle (e.g., security, permissions granularity)?
  • Would you consider a contribution for this feature from the WFSI project team?

Additional Context
This feature would streamline data sharing for collaborative projects where public access is not appropriate, but all logged-in DataONE users should have access.

vchendrix avatar Jun 25 '25 17:06 vchendrix

I have tested this out manually by taking a private dataset and sharing the metadata file only with authenticatedUser. An error message shows up when the data files cannot be accessed. This would need to be changed to a warning that they do not have permission to view the data files (instead of an error)

Image

vchendrix avatar Jun 25 '25 18:06 vchendrix

If I share both the resourceMap and the metadata file with authenticateUser but not the data files. Then we get this. Which allows the user to download the metadata file but the data files show up as pids. Maybe they should be filtered out?

Image

vchendrix avatar Jun 25 '25 18:06 vchendrix

In general I think adding authenticatedUser access control support would be beneficial and would be a better representation of our backend access policies. Adding verifiedUser might make sense too, although it is hard to get users verified at the moment.

Please note that class authenticatedUser is a subset of the class public, and so having both activated might not make sense. At first glance, and becuase access policies are additive, it seems to me that one might want to set read for only one of the three classes public, authenticatedUser, and verifiedUser, as setting more than one won't be super intuitive to users.

Please review proposed design mockups with @robyngit before beginning implementation. Thanks!

mbjones avatar Aug 27 '25 22:08 mbjones