Skip to content

403 Forbidden error: Unable to view/download publicly shared dataset has RCA #5957

Open
Bug
Open
403 Forbidden error: Unable to view/download publicly shared dataset has RCA#5957
Bug
Assignees
Mrudhulraj

Description

@Mrudhulraj
Mrudhulraj
opened on Jun 26, 2026

What happened?

The dataset shared publicly is not viewable or downloadable from any other user account.

Scenario:
Dataset Owner : Create a dataset and share it publicly with download permission enabled.

Image Image

Non-owner: View the publicly shared dataset.
-> Issue: User cannot view any of the versions or download them

Image Image

Observation:

  1. Regardless of read/write permission granted, the datasets are not viewable or downloadable.
  2. Getting 403 forbidden error in a non-owner user account with a response while listing datasets:
    {"code":403, "message": "User not authorized."}
  3. The same entity dataset is being listed twice.

How to reproduce?

  1. Create a dataset from owner account and share the dataset publicly with write permissions.
  2. Note: Share button doesn't do anything -> No API calls sent
  3. Log in to a secondary non-owner user and try to view the dataset.
  4. Non-owner will not be able to view any of the datasets or download any of the versions.
  5. Errors observed: 403 abandoned error.
  6. Same entity id being listed twice.

Version/Branch

1.3.0-incubating-SNAPSHOT (main)

Commit Hash (Optional)

No response

What browsers are you seeing the problem on?

No response

Relevant log output

INFO  [2026-06-26 19:08:50,406] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/1/diff HTTP/1.1" 200
INFO  [2026-06-26 19:08:50,420] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/1/version/2/rootFileNodes HTTP/1.1" 200
INFO  [2026-06-26 19:08:50,451] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/presign-download HTTP/1.1" 200
INFO  [2026-06-26 19:08:57,499] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/user-dataset-owners HTTP/1.1" 200
INFO  [2026-06-26 19:08:57,518] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/access/dataset/owner/1 HTTP/1.1" 200
INFO  [2026-06-26 19:08:57,520] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/access/dataset/list/1 HTTP/1.1" 200
INFO  [2026-06-26 19:08:57,949] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/1 HTTP/1.1" 200
INFO  [2026-06-26 19:10:06,944] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/user-dataset-owners HTTP/1.1" 200
INFO  [2026-06-26 19:10:06,968] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/access/dataset/list/1 HTTP/1.1" 200
INFO  [2026-06-26 19:10:06,970] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/access/dataset/owner/1 HTTP/1.1" 200
INFO  [2026-06-26 19:10:06,986] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/1 HTTP/1.1" 200
INFO  [2026-06-26 19:14:27,033] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/1 HTTP/1.1" 403
INFO  [2026-06-26 19:14:27,040] org.eclipse.jetty.server.RequestLog: [0:0:0:0:0:0:0:1] - "GET /api/dataset/1/version/list HTTP/1.1" 403

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Bug

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions