is it possible to check inside the security rules if a custom property is not set?
I want that users that do not have a custom property for apps see all apps that also do not have a custom property, something like this:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and
Got the solution at my own, folowing rules work:
resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and
resource.published = "true") and resource.app.stream.HasPrivilege("read"))
View solution in original post