I am wondering if there is a bug (or is this maybe a feature?) with permission settings on feature layer views. In my Publisher role i created a new hosted feature layer (let's call it Layer1). Layer1 is shared with no other groups, org or the public. I then created a feature layer view (Layer1_VW) from Layer1 which restricted the features and the fields that are visible to users. I shared that view with my 'Developers' group. The Developers group has 'Shared Update' enabled.
Then i logged in to AGOL with an account that has the 'User' role and is also a member of the 'Developers' group. As a 'User' i could see Layer1_VW and add it a map. But i was also able to change completely the definition of the view, removing the features and fields restrictions. As a 'User' i was able to undo everything the View as intended to do thus making the 'restricted' data available to everyone in the group. Is that the expected behavior - that a User can change the view definition without having access to source hosted feature layer?
If that is the expected behavior, how can i create a view on a hosted feature layer where i can be sure that the restrictions can't be edited or removed by anyone other than the owner of the view?
I learned that the key is the editing permissions for the group. If i share the view with a Group that has 'Shared Update' enabled, then anyone in the Group can change the definition of the view features, but not the fields. If the view is shared with a Group that does not have 'Shared Update' enabled, then no one but the owner can change the View definition.
So now the question is, can i create a View such that only the owner of the View can change the definition of the View when that View is shared with a Group that has 'Shared Update' enabled?
Yes, I have discovered the same thing.
The scenario is, I want to share a view (with a definition query) to a group (with editing enabled). That way, members of the group can update the view & will only see the fields & attributes relevant to their task.
However, anyone from the group can remove the query if they felt so inclined.
Perhaps the group could have a setting that removes the ability to edit definition queries of views….