I have a custom ticketing system in a model-driven app (Dataverse). Tickets can be raised by any person in the organization via a Power App. Users need to see both the tickets assigned to them ("raised on me") and the tickets they have raised ("raised by me"). To achieve this, we have granted users 'read' access to the organization and restricted their views by removing edit filters and the advanced find option. Despite this, users can still access all tickets from the backend. How can we further restrict this access, or is there any workaround?
Thank you