When a public data set is copied, the settings in the security tab is inherited for the new data set. Even though the person creating the copy don’t have the permissions for creating a public data set.
It does not take into account the setting for "security" in the configuration in the back office.
Let’s say that person X, lack permission to the security tab. Person X creates a data set and asks person Y to make it public.
When the data set is public, person X makes a copy of it to be able to experiment with it.
In that new data set, the security is set to public, since the original is public. Person X is not aware and can’t see the security tab.
When X saves and publish the data set, it will be public.
It would be better if every new data set was set to “Access restricted to allowed users and groups” if that is the setting
