Is this the correct way to go about setting up privacy for users?

In my app User A fills out a bunch of forms and saves this to the database (there are 10 databases altogether each collecting data). User B comes along and wants to review the data in these forms.

I have been able to get the privacy set up so that as long as User B enters the correct project name in his profile, the privacy expression will give him access to this information.

However, doing it this way, adding this expression to each of the 10 databases is a bit laborious and will be even more so when there are many more projects on the go at the same time. There will end up being lots of different privacy expressions.

The other issue is that User C, who knows that he just needs to put the correct project name into the field in his profile account, will get access to all the data for that project, which doesn’t seem safe.

  1. Is what I’ve described above the ideal way of managing this, in this scenario?
  2. How can there be a human validation check so people can’t just type in the correct project name and get all access?

