Clear signal for external groups

07-31-2019 01:31 PM
Status: Open
New Contributor III

For security/clarity purposes, it seems like a good idea to indicate to users whether a group belongs to their organization or not, especially when they share data to an external group.

Our org (a university) administers two AGOL instances, one for internal/administrative work and one for educational purposes. The internal org is managed by administrative IT, and only certain staff members have accounts there as-needed. The educational instance, however, is open to any student, faculty, or staff member. Using the Python API (invite_users) it is possible for a user on the educational side to invite internal users to groups on the educational org, even though those internal users' profiles are not publicly visible. Internal users can then share internal datasets to the educational group. This may be desirable in some cases, i.e. to support a student project using administrative data (location of parking spaces, for example-- something genuinely non-sensitive). 

However, because there is no indication to users that they are sharing data to a group that doesn't belong to their organization, there is no good way for users to then not accidentally share sensitive data: say for instance, six months later, that user accidentally shares parking ticket information to the educational org group, because its name is similar to the internal parking group.

A different color for external groups, or even a confirmation popup ("this group does not belong to your organization, would you still like to share this item?") would give users a chance to reconsider.