Hi All,
My app has user roles “Provider” and “Client.” Providers have multiple clients and can see their personal information. It is required that all personal information be fully private, allowing only approved providers. I want to use option sets for their functionality, but they can’t have their own privacy rules.
Designing for privacy first, not large numbers of relationships like social media.
Question 1
My User has a field “connected providers” (list of Users) used in privacy rule like this:
Do those two rules make sense for allowing only the individual user and their “connected providers” to view their User data? I have been trying to wrap my head around using a custom data type “permission” between “provider” and “client” Users, and still have not figured it out.
Question 2
I’ve read the following is a suggested way to implement private page redirect logic for different user roles. how are my pages private if the User’s role is in an Option Set and has no privacy rules?
Question 3
What about my “client” users having a field like “Symptoms” that is an Option Set? If my User privacy rules from question 1 protect all fields of my user, can my users fields be Option Sets and still considered private under my User’s privacy rules?