Private Spaces and Data Access Control
The FamilySearch Family Tree provides access to person records, relationships, and other data that is regulated by law. FamilySearch controls access to the Family Tree data using a variety of access control mechanisms. Private Spaces is one such mechanism.
Every FamilySearch user has a private space of their own. Data in a private space can be viewed and managed only by the assigned user of the private space. This document presents the ramifications of the migration of regulated data to Private Spaces.
Relationships
FamilySearch no longer uses relationship access lists to restrict access to ancestral relationships. Users now have their own copy of regulated data so they will never encounter a situation where they cannot create or view a relationship within their own ancestral tree.
Users can view and manage relationships established between persons within their own private space, and between a person in their private space and a public person. Relationships involving only public persons, as always, can be seen by all users.
Living or Deceased
Private Spaces has implemented a Living Status flag for all private space person records. This is an additional mechanism to help restrict access to regulated data.
When creating a new person record in the Family Tree, the living status of that person should be specified as living or deceased. If the living property is not specified then the person is considered deceased if there is a http://gedcomx.org/Death event. Otherwise, the person is considered living.
If a private space person record is flagged as deceased, then the person record becomes public for all to see. If a deceased record is discovered to be in error, a FamilySearch administrator is required in order to flag the person record as living. This is the case because a public person may be included in the pedigree of several users. Changing the living status from deceased to living represents an access control restriction, which removes the view of that person from all but one user, therefore creating a gap in some pedigrees. When the deceased person is flagged as living, the administrator creates a copy of the person in the private space of all users who have that person in their pedigree. Each copy placed in an additional private space has its own unique person ID. For this reason, the copies lose artifacts such as photos or stories that are attached to the person being copied.
Sensitive Data
Private Spaces also implemented a Sensitive data flag as a mechanism to control access to regulated data. A person or a relationship record that is marked sensitive by a Family Tree administrator remains in the private space regardless of the status of other access control restrictions. For example, a sensitive record of a deceased person can only be viewed by the user of the private space that the deceased person is assigned to.
Only an administrator can mark a person as sensitive or as no longer sensitive. A deceased person that is marked as no longer sensitive and has no other access restrictions is immediately made public and visible to all users.
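The living-status default, the sensitive flag and the relationship rules above combine into one visibility decision. The sketch below is an added example, not FamilySearch code: the `owner` and `sensitive` fields and all function names are assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

DEATH = "http://gedcomx.org/Death"

@dataclass
class Person:
    pid: str
    owner: str                     # assumed field: user whose private space holds the record
    living: Optional[bool] = None  # None means the living property was not specified
    fact_types: List[str] = field(default_factory=list)
    sensitive: bool = False        # assumed field: set or cleared only by an administrator

def is_living(p: Person) -> bool:
    """An explicit flag wins; otherwise a Death event means deceased, else living."""
    if p.living is not None:
        return p.living
    return DEATH not in p.fact_types

def is_public(p: Person) -> bool:
    """Deceased records become public unless they are marked sensitive."""
    return not is_living(p) and not p.sensitive

def can_view_person(user: str, p: Person) -> bool:
    """Public records are visible to all; private ones only to the assigned user."""
    return is_public(p) or p.owner == user

def can_view_relationship(user: str, a: Person, b: Person) -> bool:
    """Visible when each end is public or in the user's own private space."""
    return can_view_person(user, a) and can_view_person(user, b)

def viewers(p: Person, users: List[str]) -> List[str]:
    """Users who can see the record, to show the effect of a status change."""
    return [u for u in users if can_view_person(u, p)]

if __name__ == "__main__":
    # Constructed sample records.
    users = ["alice", "bob"]
    grandfather = Person("P2", "alice", fact_types=[DEATH])  # living not specified
    print(viewers(grandfather, users))   # public: both users
    grandfather.living = True            # administrator corrects an erroneous death
    print(viewers(grandfather, users))   # restricted to the assigned user
```

The second call shows why the page requires an administrator for a deceased-to-living change: every user except the assigned one loses sight of the record until a copy is created in their own private space.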