I have an app that should have the following security rule:
- If USERID is in table X, they should have ACCESS = USER, and a reduction in what data they see
- Else, the USERID should see all
I have tried to implement this by doing the following:
```
Section Access;
// People with limited access, setting their reduction to the fields in the table
AccessTable:
LOAD * FROM [LimitedAccessTable];
// Adding admin access to all other users in user group
Concatenate(AccessTable)
LOAD * INLINE [
ACCESS,USERID,GROUP,REDUCTION
ADMIN,INTERNAL\SA_SCHEDULER,*,*
ADMIN,*,USERGROUP,*
];
```
The problem here is that users in the first table also get admin access through the second table load. I have tried to limit the second load by using statements like "WHERE NOT EXISTS(USERID)" and adding a third section:
```
INNER JOIN(AccessTable)
LOAD
USERID,
MaxString(ACCESS) AS ACCESS
RESIDENT AccessTable
GROUP BY USERID;
```
None of these work. I think the issue is that the '*' value is not converted to actual user info until after the data load.
Anyone have any idea on how to work around this?
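
The behaviour described in the question can be reproduced with a small Python model, added here as an illustration and not part of the original post. The matching rules (a cell applies when it is `*` or an exact match, and all matching rows are unioned), the `ALICE` and `BOB` accounts, the `NORTH` reduction value and the function names are assumptions.

```python
# Simplified model of Section Access row matching (an assumption, not Qlik's engine).
LIMITED = [  # constructed stand-in for LimitedAccessTable
    {"ACCESS": "USER", "USERID": "INTERNAL\\ALICE", "GROUP": "*", "REDUCTION": "NORTH"},
]
INLINE = [  # the two inline rows from the post
    {"ACCESS": "ADMIN", "USERID": "INTERNAL\\SA_SCHEDULER", "GROUP": "*", "REDUCTION": "*"},
    {"ACCESS": "ADMIN", "USERID": "*", "GROUP": "USERGROUP", "REDUCTION": "*"},
]

def concat_where_not_exists(loaded, incoming):
    """Reload time: WHERE NOT EXISTS(USERID) compares literal field values only."""
    seen = {r["USERID"] for r in loaded}
    out = list(loaded)
    for row in incoming:
        if row["USERID"] not in seen:  # '*' is just a string here, never "seen"
            seen.add(row["USERID"])
            out.append(row)
    return out

def keep_max_access(table):
    """Reload time: INNER JOIN on MaxString(ACCESS) grouped by literal USERID."""
    best = {}
    for r in table:
        best[r["USERID"]] = max(best.get(r["USERID"], ""), r["ACCESS"])
    return [r for r in table if r["ACCESS"] == best[r["USERID"]]]

def effective_access(table, userid, groups):
    """App-open time: '*' is resolved against the connecting user; matches are unioned."""
    def hit(cell, values):
        return cell == "*" or cell in values
    rows = [r for r in table if hit(r["USERID"], {userid}) and hit(r["GROUP"], groups)]
    return {r["ACCESS"] for r in rows}, {r["REDUCTION"] for r in rows}

def build_table():
    """Apply both reload-time attempts from the post in sequence."""
    return keep_max_access(concat_where_not_exists(LIMITED, INLINE))

if __name__ == "__main__":
    table = build_table()
    for user in ("INTERNAL\\ALICE", "INTERNAL\\BOB"):  # BOB is constructed, not in LIMITED
        print(user, effective_access(table, user, {"USERGROUP"}))
```

In this model the `*` row survives both reload-time steps because no loaded USERID equals the literal string `*`, so the limited user still matches it when the app is opened.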