Conflicting access rules: which takes precedence?

Ask for Help
1

Hello everyone,
I’m trying to set access rules for the following usecase:

  • I have a “Employees” table with Email and Team columns
  • The table I want to set access rules to (“Things”) has a Team column
  • I want the lines of this table containing $Team to be seen only by people who are on $Team
  • However, there is a special team of “MGMT”: I want the people on the “MGMT” team to be able to see everything

So I made this:

  • a User Property named “Employee_team” with user.email as “Attribute to look up”, “Employees” as “Lookup table” and “Email” as “Lookup column”
  • the following rules for table “Things”:
  • user.Employee_team.Team == "MGMT" with Allow All
  • (user.Employee_team.Team not in $Team and user.Employee_team.Team != "MGMT") with Deny All
    However, although employees can only see lines who mention their $Team, I see that employees in the MGMT team do not have acces granted to all the lines, only those who are mentioning “MGMT” in the $Team column. Is that because of conflicting access rules? Should I follow an order of precedence to be sure of which rule are overruling the other?
    Thanks in advance!
2

I know there IS precedence and for that very reason, access rules should be able to be changed in order to make tests.

If the logic is faulty and one must change Access Rules order, you must copy the access rule to a new line, then copy other access rule, paste in the right position, then recopy the other back to the position of the one you just cut… it’s an awesome way to create more errors.