[ic] two-tiered admin setup, how?

[Kaarel Jogi]

Hello folks!

Have another problem, multiple levels of admins, no help on docs or list
whatsoever, searched thoroughly.  Lengthy description but it is needed,
seems that the problem is easily misunderstood.

The Question shortly: "What must i put in table_control field for a
admin, to limit the admin to those rows in userdb and transactions that
have his username as value in "owner" field?"

Longer explanation of setup:
There are two groups of admins on my system: salespersons and managers. 
Salespersons are supposed to only see and modify customers they have
made and orders of those customers. Managers should have access to all
customers and orders. This goes for everything in UI:viewing, editing,
reporting.

To accomplish this, on userdb and transaction tables there is "owner"
field set with username of salesperson that the record belongs to.

Now, if I use:
TableRestrict userdb owner=username
TableRestrict transactions owner=username
everything works just fine, except, for the manager to have access to
ALL records he has to be flagged as "super". Which is bad, because it
gives him access to UI edit tools, which he should not have.

Now, if I could instead set the "owner" field setting on per-admin
basis, I could set it for each salesperson(limiting them to record each
owns) and not set for manager(thereby giving him access to all records),
and would not need to set manager as "super", so he cant try out some
"edit menu" control in UI and fsck up all the system.

While searching lists i have seen hints that the table_control field in
access.asc can be used for setting per-row and per-column access. 
However there is no information about actual function and syntax for
this field.

The Answer must be out there, but i have searched for weeks and no wiser
:(  Can someone please help me out on this?

thanks for support
zrg