I have an object Organization which has a 0:1 association to Person (which inherits from system.user) and to Project. I have made a security group on Organization on the association to Person. I would expect the security group to show on the instance access for project. But it doesn't. It seems to me that this is the same as the department - user - order example described in an earlier question. What am I doing wrong? My goal is to only allow persons to access projects related to their organization.
Frans Verschoor (FraternIT)
From your question, I cannot tell what exactly is amiss in your security group settings. However, instead of using security groups, which will no longer be available in the 2.5 release, you can use an XPath constraint in the instance access settings of your Project object:
This constraint ensures that Persons (users) can only access projects that are related to their organization. Of course, you have to replace the names in the constraint by the actual names in your model.