I am building something similar to Trello where people can watch boards for notification updates and I quickly realized users can't add activities to feeds that don't match uid unless configured manually. (See GitHub issue: https://github.com/GetStream/react-activity-feed/issues/23)
I can see why permission needs to be denied as this can be a security concern. But then in the case of Music app like Spotify (https://getstream.io/docs/#social-network), how can users add activities to "playlist"?
So, my questions are:
When feed type is configured for shared write access it means that any user would be allowed to write to any feed with that type.
So if you have a playlist feed type configured for shared access user A would be allowed add/delete activities to playlist:B instead of only being allowed to write to playlist:A
Whether this is a security concern is dependent on the system you are trying to build.
Doing this operation via a server under your control you can ensure no invalid operations are permitted.
For your case you could use follow following to get other users' board updates to their notification feeds.