Hi,

Here are some tests on the permissions set when using metadata import and CSW-Transaction Insert. There are some differences that I think should be unified. Please check and give your opinion:
Users: editor1 and editor2 in the same group
1) Import metadata with editor1
All permissions set for user group
1.1) editor1 can edit and delete it
1.2) editor2 can edit, but not delete (a check to display the Delete button only for the owner prevents the button from being shown).
But calling the metadata.delete service in the URL for the metadata succeeds. This seems incoherent; I think any user in the same group should be able to delete it, or at least the service should be protected to check the owner.
2) CSW-T with editor1
No permissions set.
2.1) editor1 can edit and delete it
2.2) editor2 cannot even display it in GeoNetwork or using a GetRecordById request
I think the same permissions as in the previous point should be added (all permissions for user group)
3) CSW-T with editor1 with "Inserted metadata is public (Transaction)" enabled
Permissions set to view for group ALL (as per previous setting)
3.1) editor1 can edit and delete it
3.2) editor2 can display it, but can't edit/delete it in GeoNetwork
3.3) editor2 can edit with CSW, but cannot delete it
I think these permissions should be added: view for group ALL and also all permissions for user group
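
The mismatch reported in 1.2 (Delete button hidden for non-owners, delete service still succeeding) is shown below as an added example that is not part of the original post and is not GeoNetwork code. It is a small hypothetical model in which the group name, record id, privilege names and all function names are assumptions; it contrasts a delete handler with no owner check against one that asks the same policy function as the UI.

```python
from dataclasses import dataclass, field

# Constructed sample data mirroring case 1 of the post (group name is made up).
USER_GROUPS = {"editor1": {"sample"}, "editor2": {"sample"}}

@dataclass
class Record:
    owner: str
    privileges: dict = field(default_factory=dict)  # group -> operations

def can(user, record, op):
    """One policy for both the UI and the services (hypothetical rule set)."""
    if user == record.owner:
        return True
    if op == "delete":
        return False  # owner-only, the rule the UI applies in 1.2
    granted = set(record.privileges.get("ALL", ()))
    for group in USER_GROUPS.get(user, ()):
        granted |= set(record.privileges.get(group, ()))
    return op in granted

def show_delete_button(user, record):
    return can(user, record, "delete")

def delete_ui_only_check(store, user, uuid):
    """Models the behaviour reported in 1.2: no owner check in the service."""
    return store.pop(uuid, None) is not None

def delete_with_policy(store, user, uuid):
    """Service asks the same policy as the UI before deleting."""
    record = store.get(uuid)
    if record is None or not can(user, record, "delete"):
        return False
    del store[uuid]
    return True

def new_store():
    # Record imported by editor1 with privileges for the user group.
    return {"md-1": Record("editor1", {"sample": {"view", "edit"}})}

if __name__ == "__main__":
    rec = new_store()["md-1"]
    print("button for editor2:", show_delete_button("editor2", rec))
    print("unchecked delete:", delete_ui_only_check(new_store(), "editor2", "md-1"))
    print("checked delete:", delete_with_policy(new_store(), "editor2", "md-1"))
```

Whichever rule is chosen (owner-only or any user in the group), putting it in one function that both the button and the service call keeps the two from drifting apart.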