Hi there I wonder if you can help me understand why my retrieval isn’t returning the records I expect?
I’m executing this API call :
and I believe I’m correctly passing a valid user-token in the header but I’m retrieving all records rather than the records associated to the user-token’s userID.
I’m passing a user-token for the user Graham but I’m getting all records including other users records.
This is a current valid token if you want to try it 895C1C2E-A908-4AEC-8FD0-8682A2BF6B9E
Passing user-token won’t select only the records associated to that user-token’s user.
You can setup permissions for the Person table to make that logic work or add the where clause with object’s
ownerId to your request:
Thank you @olhadanylova
I’d prefer the database to have the inherent security applied. How do I configure that behavior on the security of the table?
And if I understood your case correctly, then you can create a “user” role. Assign this role to your user (https://monosnap.com/direct/emg666GNTETCSKj5dfRumvRLMTT1fm) and disable “find” in the table settings for this role https://monosnap.com/direct/1Cxnp0DoLYFGqtlhmmkyIKefjAGBzt
(you can do this in global settings the same way if you want this behavior for all tables https://monosnap.com/direct/TskY9Nu0MFibusOk1axJFM6PgVjpZl). In this case, the owner policy should be enabled.
If you make these settings, you will be able to use the query you originally used.
@Inna_Shkolnaya thank you that worked perfectly.