In this chapter, we will show you how to set up user roles so that users can edit (add and delete) only their own records. At the same time, these roles will allow the users to see the records of other users, but not to edit them.

This requires two roles whose conditions together enable the editing of a user’s own records and prohibit the editing of someone else’s records.

The table needs to contain an item that unambiguously identifies the user, so that it can be used in the role evaluation condition. For this purpose, you can add the system item called “Created”, in other words the author of the record.

In the Developer level section, select the field “Schema item internal name” and name the newly created item “Author”.

Next, we will create two roles. One role will allow the editing of the user’s own records and the other one will prohibit the editing of someone else’s records.

User role for editing user’s own records

Create a new role named, for example, “User - Editing of Records”.

Set the level of the application as follows:

In the table level tab of the selected table, set the access to “Write”. Leave the default setting of the other options.

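Next, set the condition for the role. It holds when the author of the record is the current user, or when the Author item of the record is empty:

doo.model.<[Author (Author)]>.value === doo.currentUser.<[Login (login)]>.value || !doo.model.<[Author (Author)]>.value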

User role for reading someone else’s records

Create a new role named, for example, “User - Reading of Records”.

Set the level of the application as follows, just as you did with the previous role.

In the table level tab of the selected table, set the access to “Read”. Leave the default setting of the other options.

Next, set the condition for the role:

doo.model.<[Author (Author)]>.value !== doo.currentUser.<[Login (login)]>.value

Now, assign both of the roles created above to the users who are allowed to create, edit, and delete their own records, but can only view other users’ records, without the ability to make changes.
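
To check the two conditions before assigning the roles, the following added example (not code from the product or its documentation) evaluates them over constructed sample records. The plain property names Author and login stand in for the <[Author (Author)]> and <[Login (login)]> tokens, and it is an assumption here that a user holding both roles gets the highest access whose condition holds.

```javascript
// Added example: stand-ins for the doo.model / doo.currentUser objects.
// Plain property names replace the <[Label (internal name)]> tokens.
const field = (value) => ({ value });

// Conditions of the two roles from this chapter.
const canEditOwn = (doo) =>
  doo.model.Author.value === doo.currentUser.login.value || !doo.model.Author.value;
const canReadOthers = (doo) =>
  doo.model.Author.value !== doo.currentUser.login.value;

// Assumption: with both roles assigned, the highest access whose condition holds wins.
function effectiveAccess(record, user) {
  const doo = { model: record, currentUser: user };
  if (canEditOwn(doo)) return "Write";
  if (canReadOthers(doo)) return "Read";
  return "None";
}

// Constructed sample data.
const alice = { login: field("alice@example.com") };
const records = [
  { id: 1, Author: field("alice@example.com") }, // own record
  { id: 2, Author: field("bob@example.com") },   // someone else's record
  { id: 3, Author: field("") },                  // no author stored
  { id: 4, Author: field("Alice@Example.com") }, // same login, different case
];

// Returns [record id, access] pairs for the given user.
function accessMatrix(user) {
  return records.map((r) => [r.id, effectiveAccess(r, user)]);
}

// Pitfall check: comparing a string with the field object instead of its .value
// is never equal, so a condition written that way holds for every record.
function missingValueAlwaysTrue(user) {
  return records.every((r) => r.Author.value !== user.login);
}

console.log(accessMatrix(alice));
```

Record 3 shows that a record with an empty Author is writable by every user who holds the editing role, and record 4 shows that the strict comparison is case-sensitive, so the stored author and the login must use the same form.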