On my pc laptop...I have records that have been shared with me in a vault - if I try to edit the record, it tells me that it is read only - however, I am able to make a copy of that particular record which gets placed in my own private listing and then I'm able to edit it in my own record listing. Is that intended behavior ? I would imagine that if I share a record and have it as read only, I wouldn't expect that the person I am sharing it with would be able to make a copy of it ???
This is a good question, and at first, I felt the same way as you when we were creating the sharing feature in 6.0. However, the problem is that there is nothing keeping a user from copying the data into a new record they create on their own, so stopping them from copying the record programmatically really only gives a false sense of security. It wouldn't be wrong to stop a read-only user from being able to copy a record, of course, it just wouldn't provide any security which might be assumed in knowing the record couldn't be copied by mSecure.
Very good point !