For each list, access to it and actions on its data can be controlled.
This is done through the predefined user groups and by adding plugins to control a specific action under certain conditions. The plugins are edit row, view row and delete row.
The check is done in the following sequence:
1. If there are plugins added then they take precedence over other checks. If the specified condition is not met and the plugin returns a negative result (return false), then the specific action on a given record will not be able to be performed. After a successful result (return true) of the control through the plugins, it is passed to the next check.
2. When editing or deleting a record, a check can be set to see if the action can be performed by a specific user.

This is defined as the user_id of the logged in user must match the value of the element (Edit Row User ID element or Delete Row User ID element) selected for validation.

If the condition is true, then the row will be able to be edited or deleted, regardless of whether the user belongs to the user group that has rights to do so.

After performing such a check, if the user does not belong to the user group that can perform the action and the result of the check is negative, then the action will not be able to be performed.

Example: If the editing or deletion is only possible by users who are at the level of administrators, but a user is set to be able to do it, then if the user id of the logged in user matches that of the setting (Edit Row User ID element or Delete Row User ID element), he will be able to perform the action.
3. If there are no plugins set, or there are plugins, but the result of their implementation is positive (return true), then the control is implemented through the user groups. If the user does not belong to the user group that is set for the particular action, then he will not be able to perform it.