You can’t solve this only with XPath if everyone has read access, because offline sync will download everything the user can read. If all users must see all documents but should download only their own, the file entity must be online-only (not synced). When a user taps an attachment, call a microflow that checks ownership: if the file belongs to the user, allow download; otherwise, show a message like “You can view metadata, but you can’t download this file.”

You can use offline sync, no need to resort to online only.

Probably not necessary and not desired for security and performance for everyone to have all uploaded files of all people on their device.

You can change the sync config to sync only files uploaded by the user, by setting an association to User or Account on your document entity. That way, users only keep their own documents on the device. Also, if these documents are processed in your app, once they reach a certain status they may no longer be relevant to be synced to the device, you could put that too in the sync config XPath.

If the documents only need to be uploaded and not referenced anymore after syncing, set the sync config to 'nothing (clear)' for the document entity, this turns the sync into a one way upload of new files to the backend, no files will be downloaded from the backend to any device. NativeFileDocuments itself requires that setting for its own logs to prevent clutter on the devices.