Restricting a record based on a relationship on associated logged in contact
Hi to give some background we have accounts that have "product restrictions"
which means we don't want to show certain products to contacts associated with those accounts as an example
Contact logged in owned by Account A (no restrictions) can see all products Contact logged in and owned by Account B (has 3 restricted products) - this user should not see any products they are restricted for
yes, i do this in some projects. The key to this answer are ParentChild Permissions.
Basically, you define over a relation, what things are visible. In your case, there is either a direct relationship between accounts and products or you create a table, which maintains the relations. I usually do the latter one. So i create a table (an entity) which points to the account and to the product, which should be visible. For each product you have one entry in that table.
Then i create a tablepermission read for that table in accountscope to read all entries which habe the account of the contact.
Then i create a Prental scoped permission on a product selecting the former created permission as a parent and allowing products linked to this entity (table) beeing visible. This should do the job.
Does this sound resolving your issue? If not ping me, may be i can explain a little more with an example.
Ah, and the accounts beeing able to read all products should be given a role containg a tablepermission global to read all products 🙂