Limiting record access using record rules
A common need for any application is it to have the ability to limit which records are available to each user on a specific model.
This is achieved using record rules. A record rule is a domain filter expression that's defined on a model that will then be added to every data query that's made by the affected users.
As an example, we will add a record rule to the Library Books model so that users in the Employee
group will only have access to public books.
Getting ready
We will continue using the my_library
module from the previous recipe.
How to do it...
Record rules are added using a data XML file. To do this, perform the following steps:
- Ensure that the
security/security_rules.xml
file is referenced by the manifestdata
key:Â Â Â Â 'data': [ Â Â Â Â Â Â Â Â 'security/security_rules.xml', Â Â Â Â Â Â Â Â ...