i wanted to restrict seeing certain objects to users based on their role . i created another table where i have user and object relation . user must see only objects with relation on this table . i made query and security policy . query works fine. People who has that role only sees objects connected to them . problem is , user who has that role , cant insert new object in table. security policy permission denied . i understand , that new rec id that is generated for object is not in my table and it permits adding it . on aosValidateInsert method of the table , i insert newly generated rec id of the object and user who adds that object in my table and users can insert new values now . But i am interested , if there is a way to allow person to see only certain objects from table , but allowing to insert new ones without a problem .
↧