Hi @mortoza_khan, In my experience and from what you say, you should proceed as follows:
-
Create role
-
Assign permissions
-
Restrict access to tenantId field
This automatically removes access to the tenant field of all your views from users who are assigned to that role.
Now what happens and I’m sure it happens to you is that even if the user is associated to the role, if that user tries to create a role, then he can see absolutely everything (regardless of the limits imposed). Several days ago I asked for help on this, but so far I have not implemented it. It is time to validate if this solves the permissions assignment issue completely by limiting the assignments.
I hope I helped you.
Saludos,
Nelson F.