Need help with shared MD / authoriseShareMd function

I’m playing with the DOM API and want to create a public MD where every app user is able to insert values. So far I have noticed that if you create a public MD it’s readable by everyone but only the creator can insert values. If I log in with a different account and want to insert values I get “Access denied”.

I now wonder if for such a case I would need the authoriseShareMd function? If yes, how should it be used?

Normally I hash the string of my MD name and use this hash-name for storing MDs. Therefore I tried the following but authoriseShareMd returns “First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.”.

window.safeCrypto.sha3Hash(appHandle, 'public_md').then(hashedName => {
		type_tag: 15001,
		name: hashedName,
		perms: ['Insert'],

What am I doing wrong? Any help is much appreciated because I’m currently stuck here. :confused:


Thanks to the quick response of Joseph_Meagher I was able to fill in the missing puzzle. I forgot to call

window.safeMutableData.setUserPermissions(mdHandle, null, pmSetHandle, version + 1))

so everyone is able to insert values. Now this part works! :slight_smile: However just out of curiosity, could anyone elaborate about the following questions?

  • Am I right in assuming that authoriseShareMd should be used to request permission to a MD which was created by a different app? From the documentation the use-case for this function isn’t 100% clear to me.
  • Why is the above code failing?

As far as I know Shared Md is for a private Mutable Data structure that allows other people to insert.

Shared Mutable Data is a an encrypted Mutable Data Structure that can be used for collaborative purpose, like a private messaging group in Chaty.

Taken from SAFE API Overview

I am also looking to learn more about as well as I don’t know that much on how it works and the overview of Shared Mutable Data could do with a bit of fleshing out.

Edit: I was wrong here is the updated version from SAFE API Overview

Shared Mutable Data

// Great Reference and video by Hunter Lester here

// Need to explain better and verify

When you set up a public Mutable Data structure only the app info you set it up with is given access to modify it unless you use Shared Mutable Data.

Shared Mutable Data is a public Mutable Data Structure that can be used for collaborative purpose across different websites (with different app infos), like a collaborative messaging group in Chaty.

*App Info is the parameter in the intialise function, Hunter Lester’s goes through what happens.

1 Like

Thanks for the youtube link. @hunterlester this helps a lot understanding the purpose of this method.

Two things I can’t understand though:

  1. Why is the authoriseShareMd call triggered by the foreign app? It seems strange, that some random app can request access to “my” MD?
  2. Also, in your video it seems that after creating your public MD you don’t set Insert permission for anyone other than yourself. (After calling quickSetup you directly switch to the other app without adjusting permissions.) This would mean, even by using the same app, others wouldn’t be able to insert something. Does shareMd give you this access too? This would be even more troubling if it can be requested by some foreign app.

Maybe you can shed some light on this issue?


I’m glad you brought this up because at first glance I was also concerned about it.

Mutable Data authority is made up of it’s permissions and of it’s ownership, if I’ve worded that correctly.

Sharing Mutable Data structures between applications is only about sharing those that you own. Other users, via an application, may not have shared access to a Mutable Data structure that you own.


Ah thanks for the clarification!

I’m currently testing some code where I always switch between users so I was still there with my thoughts. :smiley: In your video you just switched the app, but not the user. :wink: Now it makes sense!

Still strange though why this error occured: “First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.” because the first argument was definitely a valid appHandle. But maybe it’s my fault again. I’ll do a little bit more testing on this.

1 Like

I am still a bit confused on how shared mdata works

Would its ownership just be a reference to the account that created it or would there be a link to the app info in use when the mdata was created? I got this

    /// Network address
    name: XorName,
    /// Type tag
    tag: u64,
    // ---- owner and vault access only ----
    /// Maps an arbitrary key to a (version, data) tuple value
    data: BTreeMap<Vec<u8>, Value>,
    /// Maps an application key to a list of allowed or forbidden actions
    permissions: BTreeMap<User, BTreeSet<Permission>>,
    /// Version should be increased for every change in MutableData fields
    /// except for data
    version: u64,
    /// Contains a set of owners which are allowed to mutate permissions.
    /// Currently limited to one owner to disallow multisig.
    owners: BTreeSet<sign::PublicKey>,

from here but it isn’t too clear to me what it means.

  • What is the difference from a standard public Mutable Data structure like chaty and a Mutable Data structure that is shared?
  • Can a private Mutable Data be shared between users with/without permissions?
  • Is it possible to add an owner to the list of owners, if so how?
  • Is it possible to give and then revoke permissions to users other than owner?

I’ll be following this topic closely. These are all questions that K ask myself too.

They are just MutableData’s. When we talk about shared MD is just a MD which is being shared by several applications, i.e. several applications have permissions to insert, update and/or delete entries from it.
When you create a MD the owner is the account/user, and the app that is creating the MD sets the permissions upon creation for itself (if you use quickSetup it enables all permissions for the app creating it, using its sign key to do so). After that, any app that has the ManagePermissions permission can set permissions for any other app. Now, if an app doesn’t have the MangePermissions permission for a MD, and it doesn’t have any other permission it needs, it can not add itself, this is when the SharedMD request/flow comes in to add that app to the permissions list.

Yes, I think so, but only the entries which are not encrypted will be readable by the other user. A private MD can contain also unencrypted entries.

This is not possible yet, as you can see the comment there in the code, it’s locked to only one owner at the moment. Changing ownership is not implemented yet either.

I’m not sure if this makes sense, at least at the moment, because usually it is an app which is interacting with the network and manipulating the user’s data on behalf of the user, so you need the app to be given permissions.


I think there is no difference. By calling the shareMD function you just request access (for the current app) to a MD you already own (e.g which you created). The name of the function is maybe a bit misleading because you don’t use it to share the MD with users, but with a foreign app. Maybe it should be named “shareMdWithApp” or something.

Not sure if this is possible yet.

I think the anser to this is already in the code you posted above: “Currently limited to one owner to disallow multisig.” So I think this will be able in the future but for now the creator is the only owner.

Not 100% sure, but should be possible if you know the key of that user? Maybe the mobile messaging app goes into that direction but wasn’t able to take a closer look at it yet.


@Mindphreaker If you pass hashedName as new Uint8Array(hashedName) then you’ll achieve success.
We are working on unifying the web API to only output Uint8Array typed arrays so that we won’t have to convert from ArrayBuffer.

Another separate note is that authoriseShareMd does not work with mock routing due to an issue documented here:
However, this is not an issue if you are working on Alpha 2 network.


Would this be right?

When you set up a Private or Public Mutable Data Structure it gives permissions to an application key. That key is derived from the account and the application used to set up the Mutable Data Structure.

This means only that application in combination with the account has permissions for that Mutable Data Structure.

To enable permissions from a different application Shared Mutable Data is used to request permissions.

This topic was automatically closed after 60 days. New replies are no longer allowed.