Restricting Portfolio Plan Visibility in Strategic Planning Workspace (SPW/Xanadu Build)

Hi all, I’m working in the Strategic Planning Workspace (SPW) using the Xanadu build, and I need help validating the best way to restrict visibility of Portfolio Plans.

What I’m trying to do:

Ensure that users only see Portfolio Plans they own, unless they have elevated roles such as admin or sn_align_core.apw_admin.

Environment constraints:

• The Data Resource (load_tab_details_for_portfolio_plans) is locked and cannot be modified.
• sys_ux_list_menu_config is not applicable for this table in SPW. It doesn’t tie to sn_align_ws_portfolio_plan as expected.
• I want to avoid cloning core Data Resources or hardcoding logic that could break during upgrades.

Current approach:

I’ve implemented a Before Query Business Rule on the sn_align_ws_portfolio_plan table:

if (gs.hasRole('admin') || gs.hasRole('sn_align_core.apw_admin')) {

    return;

}

current.addQuery('owner', gs.getUserID());

My question to the community:

• Is this considered a best-practice approach in SPW for restricting record visibility when Data Resources are protected?
• Are there any SPW-native mechanisms (such as filter bindings or conditional Data Broker config) that others have used to restrict visibility without touching server-side queries?

Looking for validation or suggestions from anyone who has implemented this successfully in a similar SPW/Xanadu environment. Thanks in advance.