How to implement Privacy Rules for a list of things to a list of things?

I have three data types: User, Entity, and Brand Kit.

A User can can belong to many Entity's, so I gave it a list of Entity's field.

The Brand Kit can also belong to many Entity's, so I gave it a list of Entity's field.

Then in Privacy Rules I thought I could create a rule on the Brand Kit such as: Current User's Entity contains one of This Brand Kit's Entities.

But the Privacy Rules do not allow that pattern.

If one of those things was a single field instead of a list I could say Current User's Entity contains This Brand Kit's Entity. That would work for the Privacy Rules, but it also breaks the functionality of my app because now a Brand Kit can only belong to a single Entity when in fact it should belong to many.

How do I add a Privacy Rule on the Brand Kit so that only Users with a matching Entity can see it?

Has anyone cracked this?

I still can’t figure it out.

Consider establishing a “current entity” field in the user type and assign it when data needs to be exposed.

I understand that this likely breaks your UI/UX … but if privacy is important enough you might be forced to redesign it

In my experience related lists do not work in privacy rules

Thanks that’s a decent idea

@Minty did the current entity workaround worked out for you?