Access is granted to all users when attempting to use custom properties to manage stream access.
Stream access is set up using customer properties. Only users with the specific custom property should have access to the stream, but all users are granted access instead.
The current security rule is set up as follows:
Where Project is the name of the custom property.
The condition translates into: ((resource.@Project=user.@Project))
Cause:
The original condition includes every user who has no custom property and therefore grants access to every stream which has no custom property.
Resolution:
A requirement is needed to be added to the condition.
((resource.@Project=user.@Project and resource.@Project!=""))
A security rule will match every Stream to every user who has assigned the custom property 'Project'.
It is possible to match other resources through this rule for example apps or data connections or it is possible to include them to the existing rule.
This includes that the customer property can't be empty to start working.
If you click on 'Validate rule' the rule should look like this: