Share a Collection

Overview

By default, Collections in Enterprise h2oGPTe are private and only accessible to the creator. You can share Collections in three ways:

Additionally, Collections can be shared with specific users with certain permitted actions or IdP (Identity Provider) groups. To share a Collection with a particular group, specify the group's ID. This level of access control ensures that only the intended users or groups have access to the Collection and its content.

When discussing the role of identity providers (IdP) in Enterprise h2oGPTe, it is essential to distinguish between IdP roles and IdP groups. IdP roles are used to grant or restrict access to various system features and functionalities within Enterprise h2oGPTe. These IdP roles can be mapped to internal Enterprise h2oGPTe roles for seamless integration.

On the other hand, IdP groups serve a different purpose. They are used as entities for sharing data within Enterprise h2oGPTe. By mapping these groups to entities such as Lightweight Directory Access Protocol (LDAP) groups on Keycloak, Enterprise h2oGPTe enables seamless data sharing with specific users and teams.

It is worth noting that while LDAP groups on Keycloak are one example of how groups can be mapped in Enterprise h2oGPTe, this is not the only way. The configuration of Keycloak to inherit group information from LDAP is just one possible implementation, and other identity providers and group mapping strategies may also be used.

info

• Once a Collection is made public, any authenticated user of the system or API can view and interact with the Collection.
• To learn about roles and permissions in Enterprise h2oGPTe, see Roles and Permissions.

Document delete permissions

To delete documents from a Collection, users must have the Delete documents permission (assigned via Roles and Permissions). See Roles and Permissions to learn more.

Beyond that, who can delete depends on ownership and permissions:

• Collection owners: Can delete any document in their Collection, regardless of document ownership. No additional collection-specific permission is required.
• Document owners: Can delete their own documents from any Collection, even if they don't own the Collection.
• Users with collection delete permission: Can delete documents they don't own from Collections they don't own, when granted the collection-specific delete permission during Collection sharing. Remember, this permission allows deletion of non-owned documents within the shared Collection.

note

To learn how to share collections, see Instructions to share a collection below.

Examples

• Alice shares Collection C with Bob and grants the collection-specific delete permission. If Bob has the general Delete documents permission, he can delete document D even though he doesn't own the document or the Collection.
• Carol owns Collection C. If she has the general Delete documents permission, she can delete any document in the Collection without additional permissions.
• Dave owns document E. Even if Dave doesn't own Collection F, he can delete document E from Collection F if he has the general Delete documents permission.

Best practices

caution

• Grant delete permission carefully: Users with this permission can delete documents owned by others.
• Use restrictive permissions: Don't grant the delete permission if you want to prevent document deletion.
• Review permissions regularly: Periodically check which users have delete permissions.

Instructions to share a collection

To share a Collection, consider the following instructions:

1. In the Enterprise h2oGPTe navigation menu, click Collections.

2. Locate the Collection you want to share and click

   share Share (or open the Collection and click share Share collection).
   Public

   To make a Collection public, allow all users within Enterprise h2oGPTe to access it and perform specific permitted actions on the Collection, consider the following steps:

   1. Click the Make collection public toggle.
   2. In the Allowed actions list, select the actions you want to allow other users to perform on the Collection.
   3. Click Save.

   

   Users

   To share a Collection with a specific user(s) with certain permitted actions, consider the following steps:

   1. Click the Users tab.
   2. Click + Add user.
   3. In the Users list, select a user to share the Collection with.
   4. Click check Check.
   5. Optional: Add other users.
   6. In the Allowed actions list, select the actions you want to allow other users to perform on the Collection.
   7. Click Save.

   

   IdP groups

   To share a Collection with a specific IdP group, consider the following steps:

   1. Click the IDP Groups tab.
   2. Click + Add group.
   3. In the Group ID box, enter an IdP group ID.
   4. In the Allowed actions list, select the actions you want to allow other users to perform on the Collection.
   5. Click Save.

   

---

Feedback

• Submit and view feedback for this page
• Send feedback about Enterprise h2oGPTe to cloud-feedback@h2o.ai