Folder Filter Expressions use an advanced syntax string to determine access for a folder. In order to use Filter Expressions, you will need to build a string to suit your needs.
Folder Filter Expressions currently support the ability to restrict or grant access based on a template field value. For example, you can specify that a particular user or group should be able to see only documents with a particular value in a particular field. In the following examples, please note that italicized text is text that should be replaced with the actual values (template name, user name, etc.) you wish to filter based on. Non-italicized text consists of functions and operators used by the server to interpret the filter expression.
In the most basic case—specifying that a single user should only see documents with a particular value in a particular field value—you would use the following syntax:
context ('username') = 'UserName' AND entryprop."FieldName" = 'FieldValue'
To restrict based on the same field name and value, but restricting access for a group rather than a particular user, you would use the following syntax:
(IS_GROUP_MEMBER('GroupName') = 1) AND entryprop."FieldName" = 'FieldValue'
These strings can be further combined using AND, OR, or NOT operators to further refine the search. For instance, you might wish to allow users to see documents with a particular value set or with no value set. You would do so in the following fashion:
(context ('username') = 'UserName' AND entryprop."FieldName" = 'FieldValue') OR (entryprop."FieldName" IS NULL)
If the field whose value determines who should access the folder contents is a multi-value field, you will need to use a special syntax. The following string will grant a particular user access to a folder if any of the field's values matches the specified value:
(context ('username') = 'UserName' AND 'FieldValue' = ANY entryprop."FieldName")
In general, if a user should not be restricted by Folder Filter Expressions, they should be granted the Bypass Filter Expressions privilege, as it also confers performance benefits. However, if you do not wish a user to be constrained by filter expressions for a particular folder, but do not wish them to bypass filter expressions for all folders, you can use the following syntax:
context ('username') = 'UserName'
You can combine these filter expressions for more complex restrictions on folders. For example, say you had a field called "Clearance Type," with three valid values: "confidential," "top secret," and blank. You might have a group, Administration, which should be able to see all documents; a group, Editors, who should be able to see "confidential" but not "top secret" documents, and all users should be able to see documents with no clearance type. You could do this using the following syntax:
(IS_GROUP_MEMBER('Administration') = 1) OR ((IS_GROUP_MEMBER('Editors') = 1) AND (entryprop."Clearance Type" = 'confidential' OR entryprop."Clearance Type" IS NULL)) OR ((IS_GROUP_MEMBER('\Everyone') = 1) AND entryprop."Clearance Type" IS NULL)
Note: There are two ways that a field may have no value. If the field is part of a template that has been applied to the document, it will contain a single null value. If the field was not applied to the document, it will be empty. You can use this to distinguish between fields applied to a document via a template but with no value set, and fields not applied to a document. If you want a condition to apply to either situation, you will need to specify both.