Every artifact has a visibility level. The level decides whether a request to view it requires authentication, and if so, who counts as authorized.
The three levels
- Public — anyone with the link can view. No auth required, no audit log entry on view.
- Company — anyone signed in to your organization can view. Audit log records viewers on Pro and above; Free organizations emit no audit row.
- Private — only the publisher and explicitly-allowlisted email addresses (sharedWith).
sharedWith
sharedWith is the per-artifact email allowlist. It does two different jobs depending on visibility:
- On private artifacts: gates which organization members can view, in addition to the creator and org owners/admins. A member not on the list (and not creator/admin) is rejected.
- On company or private artifacts: grants external guests (people without a Display.dev account, on a different domain) view access via the OTP flow described below.
sharedWith has no effect on public artifacts — anyone with the link can view those.
External guests don't need a Display.dev account. The first time they visit, they're prompted for their email, get a 6-digit OTP, and become authenticated for the artifact. The OTP flow works without an account because the email itself is the credential — only the addresses on the artifact's sharedWith list are eligible to receive an OTP.
Access matrix
Display.dev enforces visibility on every view. Here's what each caller sees:
| Caller | Public | Company | Private |
|---|---|---|---|
| Anonymous | OK | redirect | redirect |
| Org member (any) | OK | OK | reject |
| Org member, address on sharedWith | OK | OK | OK |
| External guest, address on sharedWith | OK | OK | OK |
| External guest, address NOT on sharedWith | OK | reject | reject |
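
The matrix above can be written as a decision function, which makes it easy to check an expected outcome before changing an artifact's visibility or allowlist. This is an added example, not Display.dev's code: the `Artifact` and `Caller` types, the function names, the role strings and the case-insensitive address comparison are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Artifact:
    visibility: str                       # "public" | "company" | "private"
    org: str
    creator: str                          # publisher's email
    shared_with: set = field(default_factory=set)

@dataclass
class Caller:
    email: Optional[str] = None           # None = anonymous (no session, no OTP)
    org: Optional[str] = None             # set for signed-in organization members
    role: str = "member"                  # "member" | "admin" | "owner" (assumed names)

def _norm(email: str) -> str:
    # Assumption: addresses compare case-insensitively; the page does not say.
    return email.strip().lower()

def is_listed(artifact: Artifact, email: str) -> bool:
    return _norm(email) in {_norm(e) for e in artifact.shared_with}

def otp_eligible(artifact: Artifact, email: str) -> bool:
    """Guests can be sent an OTP only if listed on a company/private artifact."""
    return artifact.visibility in ("company", "private") and is_listed(artifact, email)

def decide(artifact: Artifact, caller: Caller) -> str:
    """Return 'ok', 'redirect' (auth flow) or 'reject' (403)."""
    if artifact.visibility == "public":
        return "ok"                       # sharedWith has no effect on public
    if caller.email is None:
        return "redirect"                 # anonymous: go authenticate first
    member = caller.org == artifact.org
    listed = is_listed(artifact, caller.email)
    if artifact.visibility == "company":
        return "ok" if member or listed else "reject"
    # private: creator, org owners/admins, or an allowlisted address
    privileged = member and (caller.role in ("owner", "admin")
                             or _norm(caller.email) == _norm(artifact.creator))
    return "ok" if privileged or listed else "reject"

def matrix_row(caller: Caller, org: str, creator: str, shared_with: set) -> tuple:
    """One row of the access matrix: decisions for (public, company, private)."""
    return tuple(decide(Artifact(v, org, creator, set(shared_with)), caller)
                 for v in ("public", "company", "private"))
```

The creator and owner/admin branch covers the exception stated in the sharedWith section, which the matrix does not list as a separate row.
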
"redirect" sends the caller through the auth flow. "reject" returns 403. Anonymous public-artifact views are the only path that emits zero audit entries — every other access combination produces a log row.
Tier requirements
- Public and company artifacts are available on every tier, including free.
- Private artifacts (with sharedWith semantics) require the Pro plan.
See Plans & features for the current matrix.
Anonymous publishes
An anonymous publish (see Publish without an account) lands as public and stays public after it's claimed. Claiming transfers ownership only — visibility doesn't flip. To gate the artifact behind organization auth, the new owner changes its visibility from the dashboard or with dsp share after the claim.
Changing visibility
Use the CLI:
dsp share <shortId> --visibility public
dsp share <shortId> --visibility private --add-users [email protected]
dsp share <shortId> --remove-users [email protected]
…or the dashboard's edit dialog (Web upload).