How to offer a "share non-sensitive things with colleagues" functionality

There are use cases for which full-fledged access control with dedicated resources and roles managed in Multitenant Access Control is not necessary and too cumbersome. If the actual data itself is protected already, a simple "share with colleagues" functionality is sufficient for non-sensitive elements. These could be dashboards, queries, filters or report definitions which themselves are typically not sensitive. However, it must be ensured that a user’s permissions to access data or functionality offered within those elements are enforced.

This is not a "sharing" use case in the sense of "Provision" or "Share Access" offered by Multitenant Access Control to cross tenant boundaries.

An example is the creation of a custom dashboard whose configuration and selection of widgets are not considered sensitive information themselves. Users want to advertise the custom dashboards to other users or groups of users, for which they might be helpful. The data shown on the dashboard is itself protected by the applications offering the widgets and data. I.e. any user accessing this dashboard needs to have additional permission to see the displayed data or the content will be shown as empty / no access.

In this case, managing dashboard visibility using a simple user and/or group selection within the dashboard application is an easy solution for this convenience functionality of limiting the amount of elements directly visible to a user.