Question

User Specific Data

1

Hi i have an entity x which is a ticketing DB. as the user creates the request new request is created. I want to restrict users from viewing request only created by them, not any other requests created by different users . How can i achieve this.

asked 2023-08-28

Ashley Dcunha

2 answers

3

Hi Ashley, you can also choose to use XPATH at the entity level as adding XPATH at the entity level provides more security compared to adding at a Page level.

Similar to the steps explained by Oswaldo, to achieve restricting the users to access the Requests only they created,

you need to check the 'Store Owner' checkbox in your entity
Open the appropriate Access Rule, and go to the 'XPATH Contraint' tab
In the tab put the constraint, or you can even click the Owner button to auto-generate the XPATH

Hope you find this useful.

P.S: You can check this page for info on as why the Entity level contraint would be more secure in your case:

answered 2023-08-29

Ravikumar Gote

Oswaldo Valles · Accepted Answer · 2023-08-28

Hi Ashley,

One way of implementing that is by going to your Request entity and checking the Store ‘owner’, this will save who created the Request object:

After you have done that, one way is to apply it where you retrieve all the objects (datagrid, list view) and set the data source option to XPath as the following:

This will only retrieve the user’s request and not other requests (as you can see, I have 3 requests in database, but I only see the 2 that I created with my account):

I hope that solves your question, regards!