ACL: how to enable a feature so that users only see data created by themselves


For example, Bob creates a DataExport record A, and Alice creates a DataExport record B. How could we enable the feature so that Bob has access to record A only, and Alice has access to record B only?


Please refer to the ‘Access Control’ section in the ‘in depth’ server documentation.


Thanks Gilberto. I found the answer in the documentation.

Basically, we need to 1) enable ACL on DataExport and 2) create an EnableAclPrivilege object, as shown below:

// enable ACL
type DataExport mixes AclEnabled<DataExport>

// create an EnableAclPrivilege object
{
  "enabled" : true,
  "id" : "dataExport_acl_controlled",
  "name" : "dataExport Acl Controlled",
  "typeName" : "DataExport"
}

FYI, this works because by default a user can always see data he/she created.