Help me debug this Access Rule... driving me crazy!

It just makes no sense as far as I am aware.

I have this KPI’s and Indicators table. I want to allow:
1 - people with UUID link to see rows with that UUID
2 - owner to see all rows
3 - everyone else to see nothing.

The UUID rules are working. Here, I entered the table as a user that doesn´t even has access to the document. (the document is set to public however, as it will be shown as an iframe in an XWiki instance)

Notice only the rows with matching UUID as the URL are being shown

here are the rules

as the owner, I can´t see anything however.

Now you will say: well, it’s obvious, add a rule for the owner to be able to see them all.
But when I use the rule user.Access == OWNER, ALL records appear… for the owner and everyone else, including the user that is not even part of the document that is looking through the UUID URL


By using user.Access in [OWNER] instead of user.Access == OWNER, it works perfectly. Owner can see all records, other users can only see records when they use their UUID URLs!!

It’s very weird that in another similar Document, it works with user.Access == OWNER

It is definitely the case that user.Access == OWNER and user.Access in [OWNER] should be exactly equivalent. Is it possible that you were logged in (as owner) when you didn’t think you were, or had some other change in the rules?

My best guess is that sometimes, if you are signed in to Grist using multiple accounts and are switching between them, Grist’s notion of which account to use for a page can get a little fuzzy. It may be possible (maybe if switching accounts in different tabs) to get into a situation when your user icon shows account A, while Grist server actually sees account B (only in a case when you are signed into both, of course).

I was connected with two different users in two different browsers.

MS Edge and Chrome.

In Chrome, as owners, where I was changing the rules.

At MS Edge, as the user that was not even in the Grist Document, accessing it solely based on the UUID rules.

Weirdly, after I created this topic and solved it with user.Access in [OWNER], I tried the user.Access == OWNER and it worked, while yesterday it wasn´t working nor today morning. It’s as if when I changed to in [OWNER] it had refreshed or maybe changed the cookies, and then changing again to == it was fresh new…

go figure…