Security: Only display objects that were created by the current user

Question

How can I manage the rights on an object that the currently logged in user can only see the objects he created?

Answer 1

This can be done by limiting the objecttype-rights using the following clause:
exists (select 1 from sysversionedcreationtraceOwner2user r where r.sysid1=sysid and r.sysid2=currentuserid())

Comments

Important note: This is only possible for static fields that do not change anymore after the creation of the dms-object.

Answer 2

As it turns out, the above solution does not work for select or view rights since the ACL calcucation can not resolve the dynamic part - e.g the "currentuserid()". (For Edit or Delete rights it will work.)
The only workaround is to create one role for each existing user and statically define the actual userid in the clause.
So for example:
exists (select 1 from sysversionedcreationtraceOwner2user r where r.sysid1=sysid and r.sysid2=id'B6ED84A2E6EE4BCBBB50506BEC12133A')
for a user "xy" with user-id "B6ED84A2E6EE4BCBBB50506BEC12133A"

Comments

Hello,
I have tested with the above statemenst with Yuuvis RAD 8.16 and the only thing I get are errors - even syntax errors. What is "sysversionedcreationtraceOwner2user" and what ID should I take? - Is it the ID from the DB in the "xorguser" table in the sysid field?
I want to create a project file where I can select in the folder object the users that are allowed to see the file and everything in the project under it (documents).