Permission bug on AGOL Views?

304
2
05-18-2020 10:48 AM
Trippetoe
Occasional Contributor III

I am wondering if there is a bug (or is this maybe a feature?) with permission settings on feature layer views.  In my Publisher role i created a new hosted feature layer (let's call it Layer1). Layer1 is shared with no other groups, org or the public. I then created a feature layer view (Layer1_VW) from Layer1 which restricted the features and the fields that are visible to users. I shared that view with my 'Developers' group. The Developers group has 'Shared Update' enabled.

Then i logged in to AGOL with an account that has the 'User' role and is also a member of the 'Developers' group. As a 'User' i could see Layer1_VW and add it a map.  But i was also able to change completely the definition of the view, removing the features and fields restrictions.  As a 'User' i was able to undo everything the View as intended to do thus making the 'restricted' data available to everyone in the group.  Is that the expected behavior - that a User can change the view definition without having access to source hosted feature layer?

 

If that is the expected behavior, how can i create a view on a hosted feature layer where i can be sure that the restrictions can't be edited or removed by anyone other than the owner of the view?

0 Kudos
2 Replies
Trippetoe
Occasional Contributor III

I learned that the key is the editing permissions for the group. If i share the view with a Group that has 'Shared Update' enabled, then anyone in the Group can change the definition of the view features, but not the fields.  If the view is shared with a Group that does not have 'Shared Update' enabled, then no one but the owner can change the View definition.

So now the question is, can i create a View such that only the owner of the View can change the definition of the View when that View is shared with a Group that has 'Shared Update' enabled?

NickShannon2
New Contributor III

Yes, I have discovered the same thing. 

 

The scenario is, I want to share a view (with a definition query) to a group (with editing enabled).  That way, members of the group can update the view & will only see the fields & attributes relevant to their task. 

However, anyone from the group can remove the query if they felt so inclined.  

 

Perhaps the group could have a setting that removes the ability to edit definition queries of views….  

0 Kudos