Help with simultaneous row and column access rules

big_slug · June 29, 2023, 2:49am

I have a database consisting of a main table and users table, where access rules dictate what columns a user can see based on their role.

For some columns, access needs to be restricted based on user role AND whether the current user is assigned to that row.

For this restricted column, my access rule looks like

'Role 1' == user.Attributes.Role and rec.Assignee == user.Attributes.Name R U

This rule successfully prevents users whose role isn’t ‘Role 1’ from seeing the column, but it does not allow a user who meets both conditions to read or update the column - instead, the column is displayed but contains ‘CENSORED’ for every entry, including rows where the current user is the assignee.

How can this be fixed so that Mike can read and update ‘Restricted Column’ for Task 1 ?

Link to reproducing example:
https://docs.getgrist.com/hELZirTiNDeq/Troubleshooting-Example

jarek · June 29, 2023, 2:38pm

Hi @big_slug, welcome to the forum!

Can you make your document public? Here is a description how to do it.

jarek · June 30, 2023, 11:10pm

Hi @big_slug,

The problem is with rec.Assignee. This is the whole row, not a name column. To make it work, you need to create a formula column in Main Data Table called for example: AssigneeName with a following formula: $Assignee.Name, and update your rule to use this new column: 'Role 1' == user.Attributes.Role and rec.AssigneeName == user.Attributes.Name