Indeed everyone has edit access to their own entity. I don’t think there’s a way to change that right now. There’s work going on in the User Table access control I think as well.
For now, you can make a separate database called “Person” or “Employee”, and use that instead. Then you have more controlled access.
In order to link (or unlink) items, you need update rights for one of them and at least read rights for the other, so as @RonMakesSystems says, because each user has update rights to their own user entity, and read rights to others, they are able to make (or break) connections in ways you might not want.
We do eventually plan to allow relations to be defined more strictly, i.e. requiring update rights at both ends.