How to effectively use row level security filters

I have created a row-level security filter on an entity – e.g. the currently logged-in user can see only his invoices.

I would like the admin to be able to see all the invoices, while other users can see only their own.

The role level security can be triggered by defining a specific application role.

I would call the application role e.g. Data_Invoices_All and assign it to the Admin.

But then it produces just the opposite of what I expected. The only one who is not able to see all the invoices is the root, because the security filter is applied only to the application role DATA_Invoices_All.

I can imagine a couple of solutions, but none of them is good enough:

  1. Define an application role called e.g. DATA_Invoice_OnlyMy and assign it to everyone except the Admin. The problem is that when somebody creates a new UserRole and forgets to assign the DATA_Invoice_OnlyMy application role, the users could see all the invoices.

  2. Make a special menu item for the Admin (depending on e.g. FRM_All_invoices) and use another data structure with row-level security turned off. The downside of this approach is the necessity to maintain two very similar datasets, and in my particular use case I also can't afford to switch off all security filters because I need other ones to be applied.

Is there a more elegant solution? E.g. to somehow define that the row-level security rule is applied if you are not in some role?


Yes, you can use a “not” operator – just enter !DATA_Invoices_All and it will only show all invoices if you DO NOT have this permission assigned.

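
The difference between option 1 from the question and the negated role from the answer, as an added example that is not part of the thread or of the platform's own code. It is a simplified Python model that assumes a filter's role field holds either a role name or a `!`-prefixed name meaning "enforce the filter when the user lacks this role"; the users, invoices and function names are constructed.

```python
# Constructed sample data: three invoices owned by two users.
INVOICES = [
    {"id": 1, "owner": "alice"},
    {"id": 2, "owner": "bob"},
    {"id": 3, "owner": "alice"},
]

# Constructed role assignments. "carol" belongs to a newly created user role
# for which nobody assigned any DATA_* application role.
USERS = {
    "admin": {"DATA_Invoices_All"},
    "alice": {"DATA_Invoice_OnlyMy"},
    "carol": set(),
}


def filter_applies(role_expr, user_roles):
    """True when the 'only my invoices' filter must be enforced (assumed model).

    role_expr is a role name (enforce if the user HAS it) or '!' + role name
    (enforce if the user LACKS it).
    """
    if role_expr.startswith("!"):
        return role_expr[1:] not in user_roles
    return role_expr in user_roles


def visible_ids(user, role_expr):
    """Invoice ids the user can read under the given filter setting."""
    if filter_applies(role_expr, USERS[user]):
        return [i["id"] for i in INVOICES if i["owner"] == user]
    return [i["id"] for i in INVOICES]  # filter not enforced: all rows


def audit(role_expr):
    """Map every user to the invoice ids visible under this filter setting."""
    return {user: visible_ids(user, role_expr) for user in USERS}


if __name__ == "__main__":
    # Option 1 fails open for carol; the negated role fails closed.
    for expr in ("DATA_Invoice_OnlyMy", "!DATA_Invoices_All"):
        print(expr, audit(expr))
```

With the positive role, a user whose role assignment was forgotten reads every invoice; with the negated role, the same omission leaves the filter in force and only an explicit grant of DATA_Invoices_All lifts it.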