With API 3.12 through DataControl objects is possible control the access to data  of the logged user for a given object connected to the target. 

For instance if we want to give access only to voyages connected with the business units that the user belong to, a DataControl object like this has to be posted:

{
	"matcherTarget": "BusinessUnit",
    "matcherAttributeTarget": "users.key",
    "objectName": "Voyage",
    "attribute": "voyageHeader.businessUnit"
}

• matcherTarget defines the Dataloy object that has to be used as target object
• matherAttributeTarget defines the attribute in the object target that links the object with the user
• objectName the Dataloy object that has to be applied the access control
• attribute the attribute name that link the  Dataloy object with the target object

The objects not connected to the target will be accessed by all users (for instance the voyage not connected to any business unit).