I'm trying to define a contextual role for records that is applied whenever userID is an element of a multi field resource.values.userMandant. resource.values.userMandant == userID works if a multifield has only one entry. resource.values.userMandant[0] == userID || ... doesn't work (no records visible). userID IN resource.values.userMandant is not allowed ("Role update failed: parsing error: userID IN resource.values.userMandant :1:8 - 1:10 unexpected Ident while scanning operator").
Documentation pages about Security Model, Expressions or Contextual Roles were not helpful this time.
I defined a prefilter userMandant = ${userID} OR ${userID} IN userMandant on the Module and it works, but during export, a user can easily delete the prefilter and access all the data in a module. So of course, it's a no go.
Am I missing something? How can I have a module with many records but only allow a subset of users to read a subset of records?
I tried the has() function and it seems to almost work. However, in my case it only looks at whether userID is in the first spot in the multi-value.
i.e.
userID = 12
if record.values.userMandant = ['12', '49'] then has(record.values.userMandant) returns true
if record.values.userMandant = ['49', '12'] then has(record.values.userMandant) returns false
When I change the order within the multi-value field so "12" is on top, the record magically appears where it should.
The expression I use for the contextual role is has(resource.values.userMandant, userID). I also tried has(record.values.userMandant, userID), like in the docs, but it always returns false.
It didn't work, because I forgot to remove the old prefilter "userMandant = ${userID} or userMieter = ${userID}"…
Thank you very much for your help.