Allow for differentiating between one-off and role-based RBAC

[skamensky]

If we want to share records as one-time exceptions and then later reset the state of the record to what it would be without the one-time exception, we don't have a way of differentiating between those two ways of sharing.

In Salesforce, there's a concept called "RowCause", this allows you to filter out Salesforce's equivalent of RBAC rules to ones that were added as one-off's. In this way it's trivial to reset record access to respect the role based RBAC (just delete all RBAC rules that have a "RowCause" of manual/custom).

What would it take to add that feature to Corteza?

[TIOF]

Would it make sense to give a Start Date and End Date to that rule?

[skamensky]

That could be an additional feature. My idea doesn't require it though. For my use-case personally, I wouldn't need time-based rules. I would schedule automation to do cleanup instead.

[tjerman]

Hmm that does sound like a neat addition. At some point we'll be expanding on how anonymous/unauthenticated users can interact with the interfaces so I think then is when we'd be looking into this.
I'll take it up with the rest of the team for some more feedback.