User Roles - Advanced Settings
In this chapter, we will show you how to set up user roles so that users can edit (add and delete) only their own records. At the same time, these roles will allow the users to see the records of other users, which they are unable to edit.
It is necessary to create two roles that will combine the conditions for enabling the editing of records and prohibit the editing of someone else’s records.
The table needs to contain an item that can positively identify the user who will be included in the roles evaluation condition. It is possible to add a system item called “Created” or in other words the author of the record.
In the Developer level section, select the field “Schema item internal name” and name the newly created item “Author”.
Next, we will create two roles. One role will allow the editing of the user’s own records and the other one will prohibit editing of someone else’s records.
User role for editing user’s own records
Follow these steps:
- Create a new role named, for example, “User - Editing of Records”.
- Set the level of the application as follows:
Application permissions
- In the table level tab of the selected table, set the access to “Write”. Leave the default setting of the other options.
- Next, set the condition for the role:
doo.model.Author.value === doo.currentUser.login.value || !doo.model.Author.value
User role for reading someone else’s records
Follow these steps:
- Create a new role named, for example, “User - Reading of Records”.
- Set the level of the application as follows, just as you did with the previous role.
- In the table level tab of the selected table, set the access to “Read”. Leave the default setting of the other options.
- Next, set the condition for the role:
doo.model.Author.value !== doo.currentUser.login>
Now, assign both of the two roles created above to the users who are allowed to create, edit, and delete their own records, and on the contrary, can only view another user’s records, without the ability to make changes.