Custom filter on field instead of whole record?

I have a field under the user record that should only be updated by the user itself. If I set the access of that field to “update” under a role, it looks like users under that role would be able to update the field on any user they have access to. They need to be able to update other fields on other users, so I also can’t restrict them to not have update access to those users, and if I set the field access to “read”, they won’t be able to update that field on their user record.

Is this type of permissions currently possible? Basically, I want to be able to specify a custom filter (something like: { "id": { "equals": "__loggedInUserId" } }) on a specific field for “update” access and not the whole record.

2 approaches can work.

  1. Approach one is on the role go into the fields drop down and specify which fields they have access to reading vs editing.

  2. In order to let a user edit their own account, create a role like AppUser that only gives self-management permissions (Read and Update = { "id": { "equals": "__loggedInUserId" } }). Then make another role like UsersManager that allows them to only see the other user accounts they should be able to see as well as update the specific fields.


Ah makes sense, I didn’t think about creating multiple roles