Sharing assets under a zero-trust permission model makes sure assets are shared only with those who need them.
Apart from marking an asset as public, you can also share assets with individual users and organizations.
Each asset has its own sharing options, which are available to the authors of the asset or the owners of the organization that owns the asset. All assets across TileDB Cloud are shareable in the same way. You can view and manage the access permissions to the asset through the Sharing tab in the asset’s detailed view or programmatically through the API.
Tip
You can both make an asset public and share the asset with individual accounts or organizations, all with different permission sets.
Note
Currently, TileDB Cloud supports access policies at the array level.
Share an asset
If you are the author of an asset or an admin of the namespace that owns an asset, you can share the asset with any namespace you wish. You can share the asset either through the UI or through the TileDB Cloud API.
Through the UI
To share an asset through the UI, do the following:
Open the asset’s detailed view.
Select the Sharing tab. If you have already shared this asset with other accounts or organizations, those permissions will be listed here.
Select the + Share button.
Type the individual account, organization, or email address with which you wish to share the asset.
Select the appropriate permissions:
Read only (Read from asset)
Write only (Write to asset)
Read + write (Read from and write to asset)
For VCF, SOMA, biomedical imaging, point cloud, geometries, raster, vector search, and group assets, choose the permissions you wish to set to the contents of the public asset.
Select Share.
TileDB sends an invitation to the user or email address, which the recipient must accept before gaining access to the asset. If you share with an individual email address not associated with a TileDB account, TileDB will ask the recipient to sign up for an account.
The following screenshot shows the modal you would receive when sharing arrays, files, and all code assets (notebooks, dashboards, UDFs, task graphs, and ML models):
The following screenshot shows the modal you would receive when sharing VCFs, SOMAs, biomedical images, point clouds, geometries, rasters, vector search indices, and groups:
Note for TileDB Cloud SaaS users
TileDB Cloud has an autocomplete feature you can use to find usernames. TileDB treats usernames as public information—as GitHub and GitLab do—but still hides full names and email addresses. Email us at privacy@tiledb.com if you want us to remove your username from autocomplete.
These rules also apply to the TileDB Cloud Self-Hosted installations, except TileDB Cloud Self-Hosted installations have no third-party users in the deployed system. Thus, everything is visible to the scope of the installation.
Through the API
You can share an asset with a particular namespace through the TileDB Cloud API, if you have the namespace’s username, the URI of the asset, and the permissions you wish to set.
from tiledb.cloud import asset

uri = "tiledb://TileDB-Academy/2a68efed-a6b1-4532-8aca-5a24e4d0faa1"
namespace = "tiledb_docs"
asset.share(
    uri=uri,
    namespace=namespace,
    permissions="read",  # default is read
)

TileDB sends an invitation to the user or email address, which the recipient must accept before gaining access to the asset. If you share with an individual email address not associated with a TileDB account, TileDB will ask the recipient to sign up for an account.
Unshare an asset
Through the UI
To unshare an asset through the UI, do the following:
Open the asset’s detailed view.
Select the Sharing tab. If you have already shared this asset with other accounts or organizations, those permissions will be listed here.
Find the namespace whose access you wish to remove from this asset. Select the “Revoke access” button (⊖).
Select Revoke access.
Through the API
Unsharing an asset in the API is similar to sharing an asset:
from tiledb.cloud import asset

uri = "tiledb://TileDB-Academy/2a68efed-a6b1-4532-8aca-5a24e4d0faa1"
namespace = "tiledb_docs"
asset.unshare(uri=uri, namespace=namespace)
Organization-level access control
While sharing objects with individual users is certainly possible with TileDB, it doesn’t scale well as organizations scale. Individuals within your organization can change teams, people join or leave your company, or you may need to change object permissions in bulk.
For organizations, the suggested way of managing access to assets is by creating a set of organizational namespaces. When you share an asset with a namespace, all members of that namespace have access to the object based on the permissions you set at the time of sharing the asset.
You can invite members to the organization namespace through the TileDB Cloud UI or through the API, as described in detail in the member namespace settings.
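Bulk permission changes of the kind described above can be driven from a reviewed policy instead of one-off clicks. The following added example (not TileDB's own code) computes which asset.share and asset.unshare calls bring the current grants in line with a desired policy; the helper names plan_sharing and apply_plan, the second URI, and the genomics-team and former-contractor namespaces are assumptions, and the caller supplies the current grants.

```python
from typing import Callable, Dict, List, Tuple

Grants = Dict[str, Dict[str, str]]  # asset URI -> {namespace: permission string}
Op = Tuple[str, str, str, str]      # (action, uri, namespace, permissions)

def plan_sharing(desired: Grants, current: Grants) -> List[Op]:
    """List the unshare/share calls that bring `current` in line with `desired`."""
    ops: List[Op] = []
    for uri in sorted(set(desired) | set(current)):
        want, have = desired.get(uri, {}), current.get(uri, {})
        for ns in sorted(set(want) | set(have)):
            if want.get(ns) == have.get(ns):
                continue  # grant already matches the policy
            if ns in have:
                # Stale or changed grant: revoke it first. A changed permission is
                # re-granted below instead of assuming share() replaces the old one.
                ops.append(("unshare", uri, ns, ""))
            if ns in want:
                ops.append(("share", uri, ns, want[ns]))
    return ops

def apply_plan(ops: List[Op], share: Callable, unshare: Callable) -> int:
    """Run the plan through the given callables; returns the number of calls made."""
    for action, uri, ns, perms in ops:
        if action == "unshare":
            unshare(uri=uri, namespace=ns)
        else:
            share(uri=uri, namespace=ns, permissions=perms)
    return len(ops)

# Constructed sample data. URI_B and the two team namespaces are hypothetical.
URI_A = "tiledb://TileDB-Academy/2a68efed-a6b1-4532-8aca-5a24e4d0faa1"
URI_B = "tiledb://example-org/constructed-asset"
DESIRED = {URI_A: {"tiledb_docs": "read"}, URI_B: {"genomics-team": "read"}}
CURRENT = {URI_A: {"tiledb_docs": "read", "former-contractor": "read"}}

if __name__ == "__main__":
    plan = plan_sharing(DESIRED, CURRENT)
    for op in plan:
        print(op)
    # To apply against TileDB Cloud (needs a logged-in session):
    #   from tiledb.cloud import asset
    #   apply_plan(plan, asset.share, asset.unshare)
```

Review the printed plan before applying it, since every namespace missing from the desired policy is revoked.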