Stream Level Access
拥有Stream所属组的用户就可以查看到Stream
Stream_*
Read
((user.@Group=resource.@Group))
App Level Access Rule with group
拥有APP所属组的用户就能查看APP
App_*
Read
((user.@Group=resource.@Group))
App Level Access Rule follow stream and without group
如果APP本身没有设定组,那么拥有Stream所属组的用户就能查看到APP
App_*
Read
resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@Group.empty()
App Object Level Default Access Rule
拥有APP的查看权限,那么就能查看APP里面的对象
App.Object_*
Read
resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel" and resource.app.HasPrivilege("read")