Filtering if role exists for a certain association

I want to be able to use roles in page/entity permissions but want to filter based on an "association" existing. I was told you can do this and that there was a learning path somewhere that detailed it but I can't find it. To explain - lets say I have an entity of type tool that has name, location, cost etc. I make a role called Tool_Can_Edit which on the tool edit page (input of object tool) if the logged in user has the edit role, they can edit the tool information, if they don't they can't edit that tool information. However, let's say I have 100 users and 100 different tools. User 1 can only edit certain tools, user 2 can only edit other certain tools and user 3 has edit on no tools. How do you make the associations and then filter the role on the page/entity so that a user can only edit the tools that they have been granted access to edit without giving them the blanket Tool_Can_Edit role for all tools?
1 answers

If I get it right you can create ToolRole helper Matrix table which will store aggregated permissions. It needs to be associated with Account table in order to use CurrentUser. You mentioned User 1 can edit certain tools, let say it will be Hammers, and User 2 can edit Drills only. This information needs to be stored somewhere and to have it in table make most sense.

You can assign users to ToolRole as you wish and then on Access entity for Tool you need Xpath as on image which will check: Those particular Tools are associated with those ToolRoles and those must be associated with current user. Only them you can edit properties. So if Tool is not associated with ToolRole which is associated with User then it wont be editable. Role is for editing so you need only 1 role and 1 xpath in it to cover that usecase. Another role can be for Read and without XPath it will show all Tools.



Have ToolRole mapping for Admin somewhere and once you set it up it should cover your use case.




Edit: with direct association to Role but this would require as many roles as many possibilities you need to map them