I am using dreamfactory on bluemix and cloudant database as a service in dreamfactory.
I want to setup several roles for my app and give different access controls to different roles. So I’ve been trying to setup record level access control in dreamfactory.
I gave access to a users database to a particular role, and I also allowed only a couple of methods (GET and PATCH). It’s working fine but when I try to add advanced filters, I’m not able to see any difference.
For example every user in the users database must have a property called “org_email”, and only the user whose email on dreamfactory equals “org_email” field in the users database in cloudant should have access to that particular record. So when I log in as a user with that role, and make a GET request to that database, I still see every record in that database.
This is what I did. Please do let me know if there’s anything wrong with it.