Returning only things owned by user


Mike Hedman

Feb 25, 2015, 7:22:33 PM
to loopb...@googlegroups.com

I would like users to be able to get a list of things that they own...but only the things that they own.

In the access control example, I thought that I could achieve that by substituting "$owner" for "admin" in the principalId property:

    {
      "accessType": "READ",
      "principalType": "ROLE",
      "principalId": "$owner",
      "permission": "ALLOW",
      "property": "find"
    },


but when I do this, and call GET /api/projects I get a 401 Authorization Required error, for both project owners and admins.

Alternatively, if I replace the principalId with $everyone, then the user is able to see things which they do not own.

Is there a proper way to set up the ACL for this kind of owner filtering?

Thanks!

(sorry for cross posting with Gitter - but it seems like nobody is logged in there today)
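
An added sketch, not part of the original post and not LoopBack's own code, of the two behaviours described above: a per-instance owner check has no record to compare against on a collection listing, while an owner filter forced into the query on the server returns only the caller's rows. It assumes an `ownerId` field on each project; every function name and sample row is constructed for illustration.

```javascript
// Added example: framework-independent sketch, not LoopBack's implementation.
// Constructed sample data; the `ownerId` ownership field is an assumption.
const projects = [
  { id: 1, name: 'alpha', ownerId: 'u1' },
  { id: 2, name: 'beta', ownerId: 'u2' },
  { id: 3, name: 'gamma', ownerId: 'u1' },
];

// Per-instance owner check: it needs one concrete record to compare against,
// so a collection request (no instance id) can never satisfy it.
function isOwner(userId, instanceId) {
  if (instanceId === undefined) return false;
  const row = projects.find((p) => p.id === instanceId);
  return Boolean(row) && row.ownerId === userId;
}

// Combine the client's filter with the caller's id using AND, so a
// client-supplied `ownerId` can only narrow the result, never widen it.
function scopeToOwner(filter, userId) {
  const where = filter && filter.where ? filter.where : {};
  return { ...filter, where: { and: [where, { ownerId: userId }] } };
}

// Minimal matcher for this sketch: equality clauses and `and` only.
function matches(row, where) {
  return Object.entries(where).every(([key, value]) =>
    key === 'and' ? value.every((w) => matches(row, w)) : row[key] === value);
}

// Collection listing: authenticated callers only, always owner-scoped.
function listProjects(userId, filter) {
  if (!userId) {
    const err = new Error('Authorization Required');
    err.statusCode = 401;
    throw err;
  }
  const scoped = scopeToOwner(filter, userId);
  return projects.filter((p) => matches(p, scoped.where));
}
```
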

