Multiple permission rules per collection

Hi,

after a while, I figured out how to make it so the user role in my project can only access their own directus_users entry by using filters in the custom permission entry.

However, I’d want to make it that the user can access (almost) all values on themselves, but still access a few select values of other users. How would I achieve this? I tried to just create a second entry for the same collection, but that seems to not be possible.

If I understand your use case correctly, you could achieve that by:

  • Ensuring all collections have a user_created field
  • Create and attach a policy that allows for all fields with a filter rule that says “user_created _eq $CURRENT_USER”
  • Create and attach a policy that allows a limited number of fields, with an empty filter rule (e.g. everything)

This means the user can read all fields on items that have a user_created that matches the current user, and only some of the fields for the other items.

I’ll mark this as solved for now, but happy to keep discussing below if that didn’t work for you 💪
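
A simplified model of how the two policies in the answer above combine, added here as an example (it is not from the original posts and is not Directus's own code). It assumes a user's readable fields on an item are the union of the fields of every rule whose filter matches; the field names in the second rule and the sample items are constructed.

```javascript
// Simplified model (assumption, not Directus source): the fields a user can
// read on an item are the union of the fields of every rule whose filter matches.
const policies = [
  // Policy 1: all fields, but only on items created by the current user.
  { fields: ['*'], filter: { user_created: { _eq: '$CURRENT_USER' } } },
  // Policy 2: a few fields (constructed names), empty filter = every item.
  { fields: ['id', 'first_name', 'avatar'], filter: {} },
];

// Handles only the two filter forms used above: empty, and `_eq`.
function matches(filter, item, currentUser) {
  return Object.entries(filter).every(([field, cond]) => {
    if (!('_eq' in cond)) throw new Error(`unsupported operator on ${field}`);
    const wanted = cond._eq === '$CURRENT_USER' ? currentUser : cond._eq;
    return item[field] === wanted;
  });
}

function readableFields(rules, item, currentUser) {
  const allowed = new Set();
  for (const rule of rules) {
    if (!matches(rule.filter, item, currentUser)) continue;
    const fields = rule.fields.includes('*') ? Object.keys(item) : rule.fields;
    for (const f of fields) if (f in item) allowed.add(f);
  }
  return [...allowed].sort();
}

// Lists "<item id>.<field>" for sensitive fields visible on other users' items.
function leakedFields(rules, items, currentUser, sensitive) {
  return items
    .filter((item) => item.user_created !== currentUser)
    .flatMap((item) => readableFields(rules, item, currentUser)
      .filter((f) => sensitive.includes(f))
      .map((f) => `${item.id}.${f}`));
}

// Constructed sample items.
const sampleItems = [
  { id: 'u1', first_name: 'Ada', avatar: 'a.png', email: 'ada@example.test', user_created: 'u1' },
  { id: 'u2', first_name: 'Bob', avatar: 'b.png', email: 'bob@example.test', user_created: 'u2' },
];

console.log(readableFields(policies, sampleItems[0], 'u1')); // own item
console.log(readableFields(policies, sampleItems[1], 'u1')); // someone else's item
console.log(leakedFields(policies, sampleItems, 'u1', ['email']));
```

Running `leakedFields` against the field list of the empty-filter policy before attaching it shows whether any field you consider private would become readable on every item.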