Row level security


I am new to cuba platform and I built couple of simple applications as exercise and I just loved it for its ease of use for building CRUD applications.

I have this requirement where each user of application will have access to multiple entities. However each user will have access to his own data. Only Admin can have access to all users data.

I understand that Row-level Security could be achieved using access group but I could not figure out simple way to achieve the above mentioned requirement.

Any pointers would be of great help.



i would suggest that you have a look at docs around constraints.

The solution to your problem would be the following example:

For every Entity you have defined in your application, you can create a constraint for the access group that you want to constraint which goes like this:

  • Entity: <>
  • Check Type: Database
  • Operation Type: ALL
  • Where Clause: {E}.createdBy = :session$userLogin

This will filter all entities for the createdBy attribute for the current username - this should do the trick.


Hi Mario,

Thanks for quick reply.

I tried the same thing before posting the question with couple of changes.

Check Type was “Check in database and in memory” with additional Groovy script but somehow it did not work.

I followed each steps as suggested by you for each entities and it worked.