How to set access rules so that only the users in the Reference List can see their respective rows?

Hi, I’m facing an issue with Access Rules after changing a column type from Reference to Reference List in Grist.

Current Setup

  1. Access Rules

  2. Column Type = Reference

With this setup, Daniel Eng can see the projects assigned to him:

Issue After Changing to Reference List
Since multiple people are involved in each project, I changed the column type to Reference List:

However, now Daniel Eng can no longer see the projects he’s involved in:

Question

How can I set the Access Rules so that users (like Daniel Eng) can see the projects listed in the Reference List column where they are involved?

I have a similar issue and would love an answer to Yin’s question.

In my situation, I have People who are all assigned a Region. In my Users table, users can be assigned to multiple regions using a Reference List.

I would like to restrict users to only see People in the Regions they have been assigned to.

I’ve tried conditions like these, but to no avail
rec.Region in user.Permission.Region
rec.Region == CONTAINS(user.Permission.region)

Can someone steer us in the right direction?

Thanks, David.

Hi @Yin_Min_Loong ,

Apologies for the delay in getting you an answer! I had missed your post. If People is a reference list column, you would update your condition to be user.People.id in rec.People. Then, people would only see the Projects they are listed for.

For your user attribute to look up, you are currently looking at Name (user.Name). I would recommend looking at Email (user.Email) instead. Users can change their name on their Grist account. Let's say Daniel removes his last name so instead of Daniel Eng, it’s now just Daniel on his account, he would lose access to things since it no longer matches to what is in the People table. It is not possible to change the email on a Grist account so you don’t have to worry about losing access. The only thing you would need to change in Access Rules is the user attribute. Look up attribute user.Email and match it to the Email column in the People table.

Hey @David_Hawley !

Yours is a bit more complicated - I set up your example here: #7955 - Grist

We have a Region table, a Country table and the sysUser table. Country has a reference column to Regions table and sysUser has a reference list column to the Regions table.

You have a user attribute looking at the email of the logged in user and matching it to an Email in the sysUser table.

You want to grant users access to tables based on what Regions they are assigned. The conditions here will be different in each table, depending on if Region is a reference column or not in that table.

In the Country table, Region is a reference column. Reference columns store a record’s ID. Our user attribute is looking for a record in the sysUser table in order to find out more information about the logged in user. In order to find out what Regions a user is assigned to, it looks at the Regions column in the People table. The Regions column in our People table is a reference list column, it also stores each listed record’s ID. Because both are reference (or ref list) columns, we look to see if the ID listed in the Region column of the Country table matches any of the Regions listed for the logged in user (rec.Region in user.Permission.Regions).

Looking at the Region table - the Region column is not a reference column. The Regions reference list column is a reference, pointing back to this table. So, we match the ID of a record in the Region table to an ID listed in the reference list column, Regions for the logged in user (rec.id in user.Permission.Regions)

I hope that all makes sense! Please let me know if you have any follow up questions.

Thanks,
Natalie

1 Like
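The two conditions from the reply above, modelled in plain Python as an added illustration (not part of the thread and not Grist's own code). The region names, country rows and email addresses are constructed sample data, and an unmatched email is assumed to see no rows.

```python
# Constructed sample data. A Reference cell holds one row ID;
# a Reference List cell holds a list of row IDs.
REGION = [
    {"id": 1, "Region": "EMEA"},
    {"id": 2, "Region": "APAC"},
    {"id": 3, "Region": "AMER"},
]
COUNTRY = [
    {"id": 1, "Country": "France", "Region": 1},   # Reference -> Region row 1
    {"id": 2, "Country": "Japan", "Region": 2},
    {"id": 3, "Country": "Brazil", "Region": 3},
    {"id": 4, "Country": "Kenya", "Region": 1},
]
SYS_USER = [
    {"id": 1, "Email": "david@example.com", "Regions": [1, 3]},  # Reference List
    {"id": 2, "Email": "yin@example.com", "Regions": [2]},
]


def lookup_permission(email):
    """Model of the user attribute: match the login email to a sysUser row."""
    return next((row for row in SYS_USER if row["Email"] == email), None)


def visible(table, email, condition):
    """Return the rows of `table` for which `condition(rec, perm)` holds."""
    perm = lookup_permission(email)
    if perm is None:
        return []  # assumption: no matching sysUser row means no rows shown
    return [rec for rec in table if condition(rec, perm)]


def visible_countries(email):
    # Country table: rec.Region in user.Permission.Regions (ID vs. list of IDs)
    rows = visible(COUNTRY, email, lambda rec, perm: rec["Region"] in perm["Regions"])
    return [rec["Country"] for rec in rows]


def visible_regions(email):
    # Region table: rec.id in user.Permission.Regions (row ID vs. list of IDs)
    rows = visible(REGION, email, lambda rec, perm: rec["id"] in perm["Regions"])
    return [rec["Region"] for rec in rows]


def visible_regions_by_label(email):
    # Pitfall: on the Region table, rec.Region is the text label, not an ID,
    # so it never appears in the list of row IDs and no row matches.
    rows = visible(REGION, email, lambda rec, perm: rec["Region"] in perm["Regions"])
    return [rec["Region"] for rec in rows]
```

The last function shows why the Region table needs rec.id: the label "EMEA" is compared against row IDs and every row is filtered out.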

If I’ve said it once, I’ve said it a hundred times…that Natalie is amazing!


Thanks so much. I’ve been tripped up by not using syntax like rec.id before. I must make a mental note not to fall for it again.