Group Membership Access Control
If you wish to restrict users access to certain resources, you will have to make use of an advanced set of permissions. These are called level four permissions and they can be implemented in the following way:
doc["groups.name.raw"].stream().anyMatch(g -> g == "<group_name>")For instance, in our case, we want the users register_demo and demo to only see each other in the users listing. Since they belong to the same group, we can easily achieve this:
doc["groups.name.raw"].stream().anyMatch(g -> g == "Help Desk First Line"
TIP
Level 4 permissions are inherently complex. You can, however, test them with the help of the fields User to impersonate and Entity to test. While the former field is used for indicating the name of the user that will perform the action, the latter field specifies the target entity where the action will be applied to.
