Say I have a content type called Books, with a relation that a User has many Books. The User comes from the User & Permissions plugin. When my front-end authenticates that User, I get a JWT and I can use the Strapi API to retrieve content, per the Authenticated role (by default). If I give this role access to Books, then any authenticated user can see all Books, even ones that do not “belong” to them.
Is there a way to set up the roles and/or other permissions to scope access to the Books, so only the User who created the Books can see his/her own Book records?
This topic has been created from a Discord post (1214413952289738853) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord