Sharing and Permissions

# Sharing & Permissions

This guide explains how to collaborate and manage access in DataUnfold.

## Roles & access

– Common roles: Viewer, Editor, Owner, Admin (names may vary by deployment).

– Admins can manage users and assign scoped project or collection access.

– Editors and Admins already have global project access.

## Share a project

1. Open the project dashboard as an `admin`.

2. Use the **Share** button in the dashboard header.

3. Search for a user and apply `View only`, `Upload only`, `Edit`, or `No access`.

4. The change is saved through the same backend scoped-permission flow used by Account Management.

## How project sharing behaves

– Sharing a project adds that project ID to the user’s scoped `projects` permissions.

– A `view_only` user is automatically switched to `scoped` when project access is granted.

– Removing the last scoped project or collection access switches the user back to `view_only`.

– `admin` and `editor` users do not need project-specific sharing.

## Public access

– Public access is configured per project from the Share dialog or project settings.

– Public access supports `View only` or `Upload only`.

– Public access never grants edit rights.

– A protected system `public` user exists in the database by default. It is not loginable and cannot be deleted or edited from account management.

– A public route is normalized as that `public` user identity without requiring login.

– Runtime access checks for a public route are resolved from the protected `public` user’s scoped project permissions.

– `Upload only` uses the same upload-only dashboard behavior as scoped user permissions.

– When `canUpload` is false, upload UI must stay hidden: no upload CTA, no add-media overlay, and no floating `+` add menu.

## Common issues

– User not visible in share dialog: confirm the account exists and is not your current user.

– Missing permissions after update: verify the user is not relying on a stale session and refresh if needed.

## Best practices

– Prefer scoped sharing over broad global roles when a user only needs one project.

– Review scoped access periodically, especially for upload or edit permissions.

What are your feelings

Updated on April 3, 2026