Hi all -
I'm currently trying to figure out the best way for certain user groups to only be able to view and edit their own resource instances (ie resource instances they created).
We have a use case that requires:
1) that a user group be able to create and edit resource instances for submission to an authority , but not be able to view / edit other users' resource instances.
2) once a resource instance has been submitted, the user group should be able to view the submitted resource (for submission tracking purposes) but no longer be able to edit it.
I'm just wondering if anyone has implemented this type of functionality or has any insight on the best approach before I head off into the weeds.
For #1, I'm thinking that a search filter might be a good way to do that. The filter would only be applied to certain user groups. I'm just wondering if that seems like the right approach or if I'm way off base.
For #2 I'm guessing some sort of dynamic authorization would be necessary, based on a resource tile value. I haven't wrapped my head around how might be done yet, but once again wondering if someone has already implemented this type of functionality.
Thanks so much!
Brett