What shoudl the Security Rules be to permit any user or some users belonging to a custom property say ReloadCapable users to be able to refresh an app in a stream?
I have an extension built that permits on demand refresh but unable to do so because the security rules prohibit the user from refreshing within the app in the published stream