Pointer Class Level Permission Write Fail

I created a database class for which I want to have public read access but only allow the user that created an object to edit that object. The class stores the user that created the object as a pointer.

I created that class level permission as in the screenshot

Screenshot 2022-05-06 230807

but when trying to create a new object I am getting a permission error

Error: Permission denied for action create on class PlayerMatches.
    at Function.validatePermission (/moralis-server/lib/Controllers/SchemaController.js:1494:13)
    at SchemaController.validatePermission (/moralis-server/lib/Controllers/SchemaController.js:1517:29)
    at /moralis-server/lib/Controllers/DatabaseController.js:810:63
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

If I understand correctly, because the user is not created yet the pointer wont match the incoming request as the pointer is empty. If the object would exist with the user pointer I could edit the object but as it doesn’t exit yet it fails
If I enable write access on public, I can created the object, but then anyone can override the object.

From reading the docs I thought, it should be easy to create a class that is user write protected with public read access by using pointer permissions.

Am I doing something wrong here or is the only way to do this to set the Object ACL to allow only write access to the user when creating the object?

I think that the user has to exist first for that to work.

The options with ACL should work well.

the user did exist before, so that can’t be the issue

reading now again, I think that you have to use ACL in this particular case, I think that with adding a User pointer there in CLP you can give that access only to a user specific to that pointer (I could be wrong)

yeah thats correct, only the pointer user can access, which is why I think this doesn’t work because the user doesn’t exist, yet, so its looking for the pointer which is not there and blocks the access