ACL: how to enable feature that users only see data that are created by themselves

#1

For example, Bob creates a DataExport record A, and Alice creates a DataExport record B, how could we enable the feature that Bob has access to record A only, and Alice has access to record B only?

#2

Please refer to the ‘Access Control’ section in the ‘in depth’ server documentation

#3

Thanks Gilberto. I found the answer in the documentation.

Basically, we need to 1) enable ACL on DataExport and 2) create an EnableAclPrivilege object, as following show,

// enable ACL
type DataExport mixes AclEnabled<DataExport>

// create an EnableAclPrivilege object
{
  "enabled" : true,
  "id" : "dataExport_acl_controlled",
  "name" : "dataExport Acl Controlled",
  "typeName" : "DataExport"
}
#4

FYI this works because by default a user can always see data he/she created