Data Permissions - Ideas for 0-to-Many relationships

Dear Community,

I’m currently working on setting up data permissions on IBC. They work as excpected, but that is somehow a"problem" as well.

Here’s an example of my data model:

The two tables are linked via two columns, a company code and an event id.
Additionally, the two tables have a “0-to-many” connection, meaning that there can be cases without a connection to the events table, and vice versa.

I want to set up data permissions based on the company code.
As far as I understand (and validated during testing), data permissions are always “AND” connected, and the tables are always inner-joined

This means, when I set up data permission on column “cases”.“company code”, I will not be able to see the events x,y,z, because there’s no respective case for them. Vice versa, setting up data permissions on “events”.“company code”, the will not be able to see case id 4, because there’s no link either.

Setting up data permissions on both tables will not lead to any other result due to the AND connection.

Again, the permissions work fine and as expected. But i wonder if there’s a way to deal with this use case, other than rebuilding the data model or adding dummy records in either table.

Do you have any recommendations on how to proceed? I can imagine this problem will arise more frequently when e.g. using multi-event-logs where 0-to-many relationships should occur quite regularly.

Thank you for your help!


Hi Max,

Thanks for your very detailed question, that makes it very easy to follow your thoughts!

The data permissions work exactly as you’ve figured out, and unfortunately that makes your original request unable to work. However, the workarounds you described, are also feasible :wink:

I would suggest to add a table to your data model (if it does not already exist) that contains all used company codes and possibly more information to specify them. Then you can join this table to your case table and also use it for data permissions.

Best regards!