In our app we have account managers and project managers. Account manager are supposed to create invoices. But they only have to see their own. The project manager however, have to see all of them. So I want to constrain the invoices in entity access for the account manager. How can I apply a entity access rule which is constraining the invoices for the account manager?
You can add a separate module role key account managers and add the entity access for your invoice object. All the way in the bottom you can select show xPath Constraint. Select it and there you can constrain it by owner, or if you use a default path to a user you can limit it via Path to user.