Use section access to limit a subset of user's permissions?
I have an app that should have the following security rule:
If USERID is in table X, they should have ACCESS = USER, and a reduction in what data they see
Else, the USERID should see all
I have tried to implement this by doing the following:
// People with limited access, setting their reduction to the fields in the table AccessTable: LOAD * FROM [LimitedAccessTable];
// Adding admin access to all other users in user group Concatenate(AccessTable) LOAD * INLINE [ ACCESS,USERID,GROUP,REDUCTION ADMIN,INTERNAL\SA_SCHEDULER,*,* ADMIN,*,USERGROUP,* ];
The problem here is that users in the first table also get admin access through the second table load. I have tried to limit the second load by using statements like "WHERE NOT EXISTS(USERID)" and adding a third section: INNER JOIN(AccessTable) LOAD USERID, MaxString(ACCESS) AS ACCESS RESIDENT AccessTable GROUP BY USERID;
None of these work. I think the issue is that the '*' value is not converted to actual user info until after the data load.