-
Story
-
Resolution: Fixed
-
Normal
-
2.0
-
None
-
None
-
Space Authorization III
Collections and Datasets should be constrained such that the following holds true:
- The creator should always be able to view the resource
- Members of a space should be the only ones able to view a resource if it is assigned to a specific space.
Ensure that this handles both interactions through the UI as well as API and programmatic calls.
Question - Are there any exceptions to these rules? In terms of specific roles or methods of access?