You can setup custom resource access rules to control the access control to data like process, records and tasks. Every ResourceAccessRule is made up of
- resource - the resource type - procedure/statetask/entity
- resourceId - the resource type id - procedureId, statetaskId, entityId
- subResource - granular part of the resource - can be left null
- scope - 'all', 'team', 'role', 'roleType', 'user'
- scopeId - id of the scope if applicable
- accessMode - 'all', 'match-pod', 'own-and-reportees', 'assigned-to', 'view-only', 'partial', 'none'
today by default
- users can see their own leads and their reportees' leads
- managers/admins see all leads