is there a “golden way” to restrict each user to its own data?
Let’s talk about “game achivements” by my registered user.
Him will need to:
- create records in a mongodb collection called Achivement
- edit this records
- view only his records
I saw the user_id_on_create and api_read_only fields but I’m not able to figure out this.
Is only a schema topic or also a service security one?