Entity access does not apply to form (cannot use form without access to entire DB/space?)

I have ran into an issue with the new access model and it seems to be breaking the whole use case.

We have various studies running and study participants are getting reimbursement payments. To facilitate the process, I had set up a “Study Reimbursement Space” for each access group.

I was thrilled with the introduction of the per-entity access controls as that means I don’t have to juggle around multiple identical spaces per access group, however the forms are not playing along and it makes the whole thing useless to me (or maybe I am missing something).

My workaround for the limitation of not being able to share a space without sharing all included databases is doing two spaces:

“Study Reimbursement Space”:
Practically no databases in there, just for the views, forms, and documents, shared with all Study Managers.

“Study Reimbursement Space Data”:
Has all the data, not shared with anyone
Databases: “Study”, “Study Participant” “Reimbursement Request”

The Idea is to handle access rights through the “Study” Database. Study has Study Participant and Reimbursement Request. If you have access to Study XY, you should have access to all Study Participants and Reimbursement Requests of that study.
So far so good, this works for already existing entities.

However, you should also be able to easily add Study Participants to the studies you have access to, without seeing personal details of study participants you should not see.
The forms to collect the data do not work at all. My idea was that in the “Request reimbursement” form, you can select a Study of those few you have access to (and you should not be able to see the other studies because no access) , and select a study participants (while all that belong to any of the studies you have access to should be visible to you).

Now if you open a form which is connected to the “Study Reimbursement Space Data” space, even though you have access to some of the studies in the database, you cannot use the form at all.

Any suggestions here?

1 Like

Simply put, entity-level permissions affect who can edit/view/comment/delete existing entities. They have no effect on entity creation, which is a space-level capability. At the moment, to be able to create an entity (incl via a form) you need to be editor (or higher) in the space where the database lives (which currently implies that you can view/edit all entities in that db).
We are working on improvements to db level access, but probably will have nothing to show until q3.

1 Like

The fact that you cannot share a DB without sharing the entire space has been a problem for ever.
The fact that it is not even on the horizon with the new access model released suggests to me that there will be nothing to show probably until next year, if even.

Very disappointing news to me, considering how many real use cases are out there where you’re supposed to have access to a subset of a DB and where you’re supposed to be able to create new DB entries within that subset frame. Entity-level access control has been the most requested feature since years for a reason.

I’m afraid this breaks multiple use cases for me

1 Like

As I said, improvements to db level access are being worked on right now, and will be delivered later this year.