Setting public and private acess for objects
I'm little bit confusing with the security layers. Please help me.
I need to set up the following restrictions on a table:
1. The objects that has no defined ownerId - created manually by the admin (public objects), should be able to be retrieved by any authenticated user.
2. The object that has defined ownerId can be retrieved only by the owner.
3. Is it possible to retrieve in single step both the public and the private objects (on Android) ?
How i set up such security logic ?