How is everyone handling record security, when requirements require dynamic visi

How is everyone handling record security, when requirements require dynamic visibility? For instance, we require records for an application to be visible for all application administrators and also to the process initiator (initiator should only see the record for the process instance they have initiated). Sometimes, company divisional views are necessary as well - divisional administrators should only see records for their specific division. With nearly 40 applications in production, we do not want to have 3+ records for each application. Just wondering if anyone has experience with similar situations. Thanks!

OriginalPostID-155229

    Certified Lead Developer
    I may have forgotten about that constraint. However I think the solution I have in mind might still work. First, set the record field to "Id" (or whatever the primary key is, for example), and the operator to "In". For the expression (which I recommend eventually migrating off to a separate expression rule), you can still refer to =loggedInUser(). So within the expression, first have it checked whether loggedInUser is a system administrator; if so, do a quick Query Entity and pass back a list of all record IDs. If not, query for record IDs where the stored "initiator" = loggedinuser(), and pass those back. In both cases I believe the record listing will then only show the entries applicable for that user. Also I *think* this query would only be done once upon loading of the list, so it hopefully shouldn't cause much performance impact.
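
The approach described in the reply above, written out as an Appian expression that could back the record's default filter ("Id" with the "In" operator). This is an added example, not code from the original thread; the rule name, the constants `cons!APP_REQUEST_ENTITY` and `cons!APP_ADMIN_GROUP`, and the field names "id" and "initiator" are assumptions.

```sail
/* Hypothetical expression rule APP_getVisibleRecordIds (added example).
   Assumed names: cons!APP_REQUEST_ENTITY (data store entity),
   cons!APP_ADMIN_GROUP (administrators group),
   entity fields "id" (primary key) and "initiator" (username). */
a!localVariables(
  local!user: loggedInUser(),
  local!isAdmin: a!isUserMemberOfGroup(
    username: local!user,
    groups: cons!APP_ADMIN_GROUP
  ),
  local!result: a!queryEntity(
    entity: cons!APP_REQUEST_ENTITY,
    query: a!query(
      /* Fetch only the primary key, not whole rows. */
      selection: a!querySelection(
        columns: { a!queryColumn(field: "id") }
      ),
      /* Administrators: the filter is skipped, so every ID comes back.
         Everyone else: only the rows they initiated. */
      filter: a!queryFilter(
        field: "initiator",
        operator: "=",
        value: local!user,
        applyWhen: not(local!isAdmin)
      ),
      pagingInfo: a!pagingInfo(startIndex: 1, batchSize: -1)
    ),
    fetchTotalCount: false
  ),
  local!ids: index(local!result.data, "id", {}),
  /* Fail closed: an empty ID list must never be treated as "no filter".
     -1 is assumed never to be a valid primary key. */
  if(a!isNullOrEmpty(local!ids), { -1 }, local!ids)
)
```

The query runs with `batchSize: -1`, so it returns every matching ID; on large tables, check the cost of that before relying on it for every list load.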