For security reasons, Metrici only allows two types of data sharing across accounts:
- Users can grant rights to the anonymous user which means that anyone can have read permissions on the data.
- Users can package products which means that, through the product install process, other users can have link rights to the data and can thus use node types and fields created by other people.
Metrici deliberately disallows a user in one account to update data owned by a user in another account.
Obviously, it is useful for users on different accounts to collaborate. To achieve this in a secure and controlled manner, Metrici provides linked users functionality. This allows the user in one account (the main user) to run as a user in another account (the proxy user) to perform actions within the other account. Within the UI, Metrici automatically switches credentials when accessing pages belonging to the other account. There is still separation of the data—for example, the main user cannot link to data owned by the other account—but the linked users mechanism allows a person to sign on once and then use data from multiple accounts.
The credential switching mechanism is implemented within the <paxina:run> tag code that supports all calls to the back-end code from the front end. The UI code identifies the node that is the context of the page, and then the <paxina:run> tag looks up a liikely account for the node using the GetAccountForNode service. If necessary it then uses the CreateProxySession service to create a suitable session for that account. Calls to GetAccountForNode are cached across all users and those to CreateProxySession are cached for the duration of the user's session.
The user record for the proxy user identifies the main user and indicates whether the proxy is active. The proxy active indicator can be set and unset by the main user, to indicate whether they are currently participating in the proxy, and in effect allows the main user to disable and re-enable the link. The account holder of the account that contains the proxy user can disable and delete the proxy user in the normal manner.
Users are invited to connect using an Invitation node, and passing this to a confirmation screen using the URL:
Where xxx is the node version reference of the invitation.