In addition to User Group filter used in Visual module we introduce data source sharing model that affects Store, Mine, Classify, Visual modules.
By default all sources in Store (uploads, surveys, virtual sources) and Mine are visible to all users and user groups unless edited by person who has permissions to change the viewership.
1. Uploads. The author of upload can restrict access to the file view or appending or isolate the file from everyone.
By default all uploads are view only for all users.
2. Surveys. All surveys have no Owner user attached to it however all users can edit access to the survey by default until changed.
3. Virtual Sources. When created, the Virtual Source has no "Owner" user however the author gets "Full" role by default. The author's role can be changed (not permanent).
4. Recoded Variables. The access to Recoded Variables is inherited by the parental source. For example, if you have access to a specific survey in Store, you'll also have access to all Recoded Variables created inside this survey. This scheme also applies to RV based on Virtual Sources.
The author of Query gets the "Owner" role while query is not shared with anyone for view or edit.
Classifiers in this case affected very specifically: the user can apply any classificator only to the shared pool of Uploads/Surveys. If the source is closed for viewing it won't be availible in "Apply to survey" or "Apply to external data" dropdown.
If a user is excluded from data source sharing for a particular data source in STORE, it will affect the visibility of that data source in Visual. The gadget built on a source a user has no permission to view/manage will not be shown to a user, the message that will be displayed is the following:
Yet, the user will be able to see the datasource in the dropdown when creating new gadgets. The names and columns of the existing datasource will be seen, but the content won't be shown to the user with the lack of permissions.
The model has following roles availible:
|Owner||The author of source. This role remains static, the user has read/write access, can edit permission for others, delete source.|
|Can be treated as second owner, the only difference is that "full" access user cannot remove "Owner" role from author. Has read/write access, can edit permission for others, delete source.|
|Has read/write access, can edit permission for others, can't delete the source.|
|Has read access only.|
By clicking "Share" arrow button the user can change the permission of the chosen source. It is necessary to click on "viewer" label to switch role.
In this example we have "CX management" user group as group of people who can do anyhing to the source, i.e. add new permissions or delete source, "Customer Service" team that can interact with source but can't delete it, and "James Carter" who can only see the source as is and use it in other related modules.