Is there a way to set permissions so that another specific user is able to access a users objects?
For example User X has a number of objects in Table A. User X wants to grant permissions for User Y to access their objects in Table A.
I can do this by setting permissions in the data and creating a PHP layer in between that manages the permissions but don’t really want to do this.
Thanks for your reply. I had read that before and I don’t think it covers what I need.
Instead of defining roles and setting the access permissions for the role, I need it to be covered for another user.
As an example, think of a social network application.
A user could create a number of objects that represented their posts but only that user (the owner) would have access to them.
If that owner user added a friend, then the friend user would need to have permissions to view the post objects created by the owner user.
Although my app isn’t a social network I need to be able to give users access to read objects created by other specific users in this manner.
As a workaround I could open up access permissions to all authenticated users to read, and then add relations to identify who could read them and use a WHERE query to bring back objects only with that relation. But this seems much like a much less secure way to manage it.