I would like to ability to restrict the creation, modification, and deletion of objects and their fields in the data privacy tab. Use case: some users should only be able to create/edit an object of a class while a different subset may only view that same object of the same class. This will add an extra layer of security preventing accidental modifications on objects already viewable to the user.
Why don’t you add some conditions on your workflows? These are computed sever side so it’s secure.
I’ve added these constraints to workflows, but this would be another layer of security and limit the number of conditions one has to write. Ideally, the conditions should be checked at the role and workflow level unless absolute performance is the goal.