We are using publication groups to give external users access to their, and only their, data. Since Publication groups can't be accessed via the current API endpoints we also thought to programatically define PDP to guarantee a second layer of protection against people seeing data they shouldn't. We tested this and it looks like the access defined under the publication group policies overrides those defined on the dataset's pdp...
Is this intentional? Is there a way to make this work such that the Publication group applies appropriate PDP policies to the datasests used in the cards in the publication group, then the publication group access rules are applied as well?
Thanks,