Shared personal dashboard allows query editing
Can someone confirm that this is the expected behavior? When a personal dashboard is shared, other users appear to be able to edit queries, even if the query was not shared with them. There does not appear to be read only privilege to the query so that the dashboard will work, without also providing write access to users of the dashboard. We also see this behavior with queries shared with the project area, so the project dashboard can use them.
Accepted answer
Vince,
as far as I can tell, there is no mechanism in RTC that prevents anyone from grabbing a query (or anything else he can see) for editing. You can basically edit queries you can see and run the queries. In general you can open and edit queries. There are permissions on saving things like queries. If you don't have the permission you can not save certain things in certain contexts. E.g. you can not modify a team dashboard. However, you would still be able to modify things like queries and save a personal copy.
With respect to permissions, as far as I can see there is nothing like "Only the owner or creator can save the query". I just tried with an individually shared query and the user I shared it with was able to save the shared query after modifying it. Even with the everyone role. So I think at least for now this is the expected behavior.
RTC was initially designed to allow a team of responsible people to collaborate as effectively as possible.
I have seen a lot of requests to limit capabilities to the owner or some other related user or group of users. I would suggest to file an enhancement request if you need more fine grained control.
as far as I can tell, there is no mechanism in RTC that prevents anyone from grabbing a query (or anything else he can see) for editing. You can basically edit queries you can see and run the queries. In general you can open and edit queries. There are permissions on saving things like queries. If you don't have the permission you can not save certain things in certain contexts. E.g. you can not modify a team dashboard. However, you would still be able to modify things like queries and save a personal copy.
With respect to permissions, as far as I can see there is nothing like "Only the owner or creator can save the query". I just tried with an individually shared query and the user I shared it with was able to save the shared query after modifying it. Even with the everyone role. So I think at least for now this is the expected behavior.
RTC was initially designed to allow a team of responsible people to collaborate as effectively as possible.
I have seen a lot of requests to limit capabilities to the owner or some other related user or group of users. I would suggest to file an enhancement request if you need more fine grained control.