I have a reference to User in each Entity and for each entity in the users access group I have a database constraint limiting {E}.user to session$user. I want to be really careful that users can only access their information.
Is there any downside to always having a similar in-memory constraint whether the entity might be loaded as part of the object graph of another entity or not?
I am concerned that if I, for example, expand functionality and add a previously un-accessed collection of a different entity to a view, it will all of a sudden not be filtered because it is now loaded in memory as part of the object graph.
If the answer is yes, is the Groovy script for the in memory filter the same “{E}.createdBy = :session$userLogin”?