read and write permission only for user who create the record

[Giorgio Draghetti]

I need to register some user activities on the DB as records.

Am i correct if i say that the ACL object is the only data protection?
It is correct that without any ACL record config any DB user can read any DB records?

The activities that i need to register are personal activities. Only the user who create them has to have access in read and write mode.
If i well understood, for my scope, the ACL object needs to be like this:
{ "*": { "read":false, "write":false }, "xxxxxx" : { "read": true , "write": true } } }
where xxxxxx is the "_id" of the user who create the record.

Now my question is: how do i map the user ID in the name of the object?

I tried this:

but it doesn't work: the resulting acl is this { "*": { "read":false, "write":false }}

Thanks in advance

[Serhii Kulibaba]

Hello Giorgio,

Please add mapping arrow from userID to acl and add JS for this mapping:

return { "*": { "read":false, "write":false }, '"' + value + '"' : { "read": true , "write": true } } };

[Giorgio]

Sorry for delay.
Thanks for your answer, was not so obvious for me.
Your code needs a little correction:

codevar s= '{ "*":{"read":false, "write":false}, "'+value+'":{"read": true , "write": true}}';
return JSON.parse(s);/code