I'm trying to configure Providence so that users in a specific User Group can only view and edit records created by members of their own group. Users should not be able to see or interact with records created by other groups.
I have already enabled the following in app.conf: perform_item_level_access_checking = 1
However, it’s not working as expected. Users can still see all records globally. I suspect my Access Roles might be overriding the item-level settings, or I'm missing a default setting to restrict new records to the creator's group automatically.
My setup is:
- Multiple User Groups (Group A, Group B, etc.)
- All users share the same Access Role (for cataloguing).
- I want Group A to be "blind" to Group B's data.
Specific questions:
- How should I configure the Access Role permissions for ca_objects so they don't override item-level security? (Should I leave them blank/no access at the role level?)
- Is there a way to automatically assign "Group Access" to a record based on the creator's group upon saving?