The document and records contain fields and formulas that are privacy checked before they can be viewed by users. This section outlines how data is exposed to users. At the core, each field is prefixed with a privacy modifier.
|public||Anyone can see it|
|private||No one can see it|
|viewer_is<field>||Only the viewer indicated by the given field is able to see it|
|use_policy<policy>||Validate the viewer can witness the value via code; policies are defined within documents and records via the |
These modifiers are great for revealing simple data common between all viewers of the document. Viewer-dependent data is achievable via a privacy bubble using the
The private modifier hides data from users. The public modifier discloses data to users. If no modifier is specified, the default is private.
Inside the angle brackets denotes a variable local to the document or record which must be of type client. For instance
Here, the field owner is referenced via the privacy modifer for data_only_for_owner such that only the device/client authenticated can see that data.
As visibility may depend on some intrinsic logic or internal state,
use_policy will leverage code outlined via a policy. This code is then run when the client wishes to see the data.
While privacy policies ensure compliance, we can leverage bubbles to efficiently query the document based on the viewer.