Hmm.... This is up for experimentation.
How many fields do you have on your table?
If you have more than 4 fields, then you will need an ACL that grants somebody access to all fields (admin, perhaps), and 4 ACLs that grants access to people with a lower-level role.
If you only have 4 fields, only 4 ACLs will be required, coz those ACLs will grant access to an admin directly.
I also want to add that ACLs are a real pain to work with.
There are several reasons for this:
- Conflicts : This is the biggest reason of them all. Sometimes you will find parent table ACLs trying to provide/take away unnecessary access from your child tables. Other times you will find a * level access trying to grant access to all fields, whereas you only want to grant access to few of your fields.
- Huge number of ACLs : On tables like customer case, you'll find a 100 ACLs, which may cause some confusion at first. Always narrow it down. If your requirement is making a field readonly (for example), then perform a group by action, and look only at Read ACLs.
- Context : Its hard to give the full context of your situation in words to another person, so most often people are left to fight ACLs on their own (lol)
Use an Access Analyzer to understand better what's going on.
And keep the number of ACLs to a low so you don't have to struggle debugging them next time...😁
