Sharing¶
Share any cloud resource the way you share a Google Doc -- with users, groups, or whole organisations.
Overview¶
Sharing is a core capability that runs across the entire RosettaHub platform. Nearly every artifact -- formations, images, cloud keys, storages, Kubernetes clusters, container images, perspectives, portfolios, compliance policies, and more -- can be shared with other users, groups, or organisations with a right-click. This enables collaboration without giving up ownership or control, and non-administrators can share too -- sharing is not gated behind central IAM.
Unlike most cloud-governance platforms that ship with basic user management and administrator-driven grants, RosettaHub treats sharing as a first-class collaboration surface:
- Peer-to-peer sharing -- any resource owner can share with anyone they have a relationship with
- Cross-cloud and cross-account resource access via delegated credentials -- when you share a resource, the platform automatically issues temporary credentials so the recipient can access it, and revokes them on unshare. A machine in one account or cloud can access a storage object in another account or cloud without manual credential exchange or custom IAM work
- Multi-organisation membership -- a user can belong to several unrelated organisations at once (a home institution, a research consortium, a grant-funded project), each with its own role and budget; see Identity and Access Control
- Customizable portal -- Perspectives and Views map to the real organisational structure, and portfolios act as private service catalogs
Visibility Levels¶
Every artifact in RosettaHub has one of three visibility levels:
| Level | Description |
|---|---|
| Private | Visible only to the owner. Default for all newly created artifacts. |
| Shared | Visible to specific users, groups, or organizations that have been granted access. |
| Public | Visible to all users on the platform. Created by publishing to the Marketplace. |
Dashboard views include visibility filters so you can show or hide private, shared, and public artifacts independently.
How Sharing Works¶
To share any artifact:
- Right-click the artifact and select Share
- Choose recipients:
- Specific users -- share with individual users by name
- Groups -- share with a logical grouping of users
- Organizations -- share with an entire organization (and its sub-organizations)
- Projects -- share with a project, giving all project managers access
- Portfolios -- share with a portfolio, giving all users/organizations with portfolio access rights access to the artifact
- Confirm the share
The recipient sees the shared artifact in their views and can use it according to its type -- launch a shared formation, deploy from a shared image, use a shared cloud key, etc.
Sharing with Portfolios
Sharing an artifact with a portfolio is a powerful distribution mechanism. Anyone who has access to the portfolio (via rhp-, rhpsu-, or rhpadmin- roles) automatically gains access to the shared artifact. This lets administrators build service catalogs by curating artifacts into portfolios without individually sharing each item with every user.
What Can Be Shared¶
| Layer | Shareable Artifacts |
|---|---|
| RosettaCloud | Formations, images, cloud keys, key pairs, storages (object, file, block, snapshots), container images, container repositories, Kubernetes clusters, IP addresses, domains, SSL certificates, startup scripts |
| RosettaBox | Cloud accounts, native IAM users, native machines, native object storages |
| Platform | Portfolios, views, perspectives, compliance policies, compliance standards |
Sharing vs Publishing¶
| Aspect | Sharing | Publishing |
|---|---|---|
| Audience | Specific users, groups, or organizations | All platform users |
| Discovery | Recipients see it in their views | Listed in the Marketplace |
| How | Right-click → Share | Share with user "hub", then Publish |
| Control | Owner chooses exactly who gets access | Anyone can browse and clone |
Sharing and Ownership¶
- Ownership stays with the creator -- sharing grants access, not ownership
- Recipients can clone -- to make their own independent copy of a shared artifact
- Shared artifacts reflect updates -- if the owner modifies a shared formation, recipients see the updated version
- Revocable -- the owner can remove sharing at any time
Collaboration Patterns¶
Team Environments¶
An administrator creates formations and shares them with the team's organization. Team members launch sessions from the shared formations without needing to configure infrastructure.
Service Catalogs via Portfolios¶
Bundle multiple artifacts into a portfolio and share it as a self-service catalog. Portfolio roles (rhp-, rhpsu-, rhpadmin-) control what members can do within the portfolio.
Cross-Organization Collaboration¶
A researcher can belong to multiple organizations and share artifacts across organizational boundaries. This supports multi-institutional research projects where teams need access to each other's formations and images.
Publishing to the Marketplace¶
Share an artifact with user "hub" and then publish it to the Marketplace. This makes the artifact discoverable by all platform users and is the path for creating institutional or public service catalogs.
Related Topics¶
- Portfolios -- Bundle artifacts into shareable catalogs
- Marketplace -- Publish artifacts for platform-wide discovery
- The Portal — Roles -- Role-based access control
- Formations -- Share cloud-agnostic IaC recipes
- Images -- Share machine images