Security of owned objects


Could you help me to understand how to ensure that objects belonging to one user are not retrieved by other users?

Because the current owner policy does not seem to handle that case. Or am I missing something ?

Thank you

1 Like

Hello @Seb777,

if you deny retrieving for Role permissions but set Grant for retrieving by Owner (in Owner Policy permission), then this case will be handled - only the owner will be able to retrieve his objects.

Hope that helps.


I agree with @Seb777 : as also stated here Permissions issue while loading relations - #8 by Nicolas_REMY, I seem to also encounter cases where :

  • object policy (at the table level) is deny for users
  • owner policy (at the table level) is allow for owners
    And while owners can retrieve their data, they can’t retrieve relations.

Thank you @stanislaw.grin it seems to work for me.

Best regards