Row level security by user department

I have one table which is filled by all users. I need user to see records only of users of his own department. But also superviser to see records of all departments. Any ideas how to implement it?

Now I have column “department” in table and user fills it himself, and then users use filter. But without filter they can see all records.

Hello, @zvaigzdzius!

You can do this with Access groups and constraints.

For example, if you have department entity and links: user <-> department and common entity <-> department.

  1. Need to create Access group (Administration -> Access groups) for restricted users
  2. Create constraint for Read operation with condition that define which record must be shown for user

Example Where clause of constraint:
{E}.department.id = (select u.department.id from project$ExtUser u where u.id = :session$userId)

{E} - common entity with department, ExtUser - extended user with department

You can extend user to add link for department like in this example.

Also: Constraint example

1 Like