Add "Restricted" view rather than requiring read permissions to each visible subview

[grantfitzsimmons]

In this instance, my user has permissions to read and create CO records along with read permission to a few other tables but I am unable to view a CO record since I don't have read permission to the Collection Object Attribute table.

Specify 6 had a more "elegant" solution compared to a complete block.

(If you catch this issue in time, the user is DemoUser (pw: testuser) on the sp7demofish site)

[maxpatiiuk]

This is a limitation of the permission system at the moment:

If user has read permission to a table, the user must also have read permissions to all the dependent relationships as they are included together in the API response.

A workaround would be to display a different form for such users that doesn't include the subviews you wish to hide (or just give people the read permission to the related table - you don't have to give them edit permissions)

We could have the back-end mask out the dependent relationships before sending them to the front-end, but like Ben mentioned at the time that could have potentially catastrophic consequences:
Once front-end edited a resource with dependent relationships cut out, and sends that to the back-end, a back-end bug may delete the dependent resources, rather than correctly detect that the user doesn't have permission to update those resources and ignore the changes.