User ID Security on Master table breaks record insertion for Detail Tables (v2025)

I have the master table "Orders" with four detail tables. The master table has User ID security enabled on the "Employee" field with Allow View All enabled so salesmen can see each others orders but cannot edit each others orders. The "Employee" field contains the UserID of the owner of the order as it should (verified in database) as an Int(11).

Of course in the list of Orders the Master/Detail Edit button now only shows up when the current user owns that Order, this part is working properly.

Unfortunately now when the user who owns the Order goes to insert a row to a detail table using Master/Detail Edit an error is thrown:

The current user (X) is not authorized to insert the record. Master filter: OrderID = X

...where X is the specific UserID and OrderID.

None of the detail tables have User ID security enabled and they all have the proper permissions in User Level security.

The only relevant custom code is in Orders -> Row_Updating where I have:

$newRow["Employee"] = $oldRow["Employee"]; 

to keep the owner of the record the same through edits.

Orders are created from Quotes in the "Quotes" table, which is nearly identical to the Orders table and they even use the exact same detail tables. The Quotes table does not have User ID security, instead it has a generic filter that only shows the Quotes the current user made. In this near identical table without User ID security, salesmen are able to do Master/Detail Edit to insert detail table records with no issues at all.

This is with PHPMaker 2025.

Note that in Master/Detail-Add/Edit, the foreign key of the detail table points to a master record, and the user needs to own that master record to change its detail records. If you also use User Level Security, you may bypass (not recommended though), you may grant the Access permission to the user's user level so the user has permission to access the detail records.

The user owns the master record, which I verified in the DB. And the detail records have no User ID security, only the master record does.

That being said granting the User Level the "Access" permission for all the detail tables fixed the problem.

But as you as you said this is not a recommended solution, since that user role can now access all records for those tables, although my frontend doesn't expose this in any way.