Hi Stefan,
In this case I would recommend solving this in the Domain model as much as possible. If you look at the domain model and click on an entity, go to the access rules you can set what attributes a user role can read and which it can edit (without write rights, an attribute is never editable). Next to the access rules you can also set an xPath constraint for which objects these rules are valid.
For example: You can create a userrole which can edit the data of an organisation, if the organisation_account = currentuser. You can then also create another acces rule for this user, where you set everything to read, so the user can read the information for every orhanisation.
Hpoe this helps!
Thank you Matteo,
We hadn’t had the Security level at ‘Production’
That enables the access rules/rights on property level
best wishes
Stefan