Applying PDP and Publication Groups

We are using publication groups to give external users access to their, and only their, data.  Since Publication groups can't be accessed via the current API endpoints we also thought to programatically define PDP to guarantee a second layer of protection against people seeing data they shouldn't. We tested this and it looks like the access defined under the publication group policies overrides those defined on the dataset's pdp...

 

Is this intentional? Is there a way to make this work such that the Publication group applies appropriate PDP policies to the datasests used in the cards in the publication group, then the publication group access rules are applied as well?

Thanks,

Comments

  • AS
    AS 🔵

    Good question.  I've wondered how the two methods interact but never asked.  I figured both would apply, as in the strictest possible combination.

     

    Following for any responses.

    Aaron
    MajorDomo @ Merit Medical

    **Say "Thanks" by clicking the heart in the post that helped you.
    **Please mark the post that solves your problem by clicking on "Accept as Solution"
  • I'm going to take this one step further.  We had a dataset with PDP on it, and a user setup as Participant.  The user couldn't see the data on the card shared with them because of PDP.  Updated PDP to allow that user, which seemed to override the Participant setting and allowed the user to create and edit cards.