NSPersistentCloudKitContainer's canUpdateRecord always returns true.

I'm using NSPersistentCloudKitContainer to sync CoreData to CloudKit public database but I have the problem that canUpdateRecord always returns true even for objects created by another iCloud user with _icloud role permission set to Read only. Am I missing something?

I vaguely remember that I saw the same issue when playing with the API + CloudKit public database, but it was long time ago and I lost the case that reproduced the issue.

Do you have a reproducible case? If yes, I’d suggest that you file a feedback report with it to see what the Core Data + CloudKit folks have to say – If you do so, please share your report ID here.

Best,
——
Ziqiao Chen
 Worldwide Developer Relations.

FWIW It's a quite simple app slightly modified from the Xcode template for CoreData + CloudKit project.

struct FeedbackContentView: View {
    
    @Environment(\.managedObjectContext) private var context
    
    @FetchRequest private var items: FetchedResults<Item>
    
    
    var body: some View {
        NavigationStack {
            List {
                    ForEach(items) { item in
                        let creator = CoreDataStack.shared.container.record(for: item.objectID)?.creatorUserRecordID?.recordName
                        VStack(alignment: .leading) {
                            Text(item.timestamp!.formatted())
                            Text("Mine")
                                .foregroundStyle(.secondary)
                                .opacity(creator == "__defaultOwner__" ? 1 : 0)
                            Text("Can Edit? \(CoreDataStack.shared.container.canUpdateRecord(forManagedObjectWith: item.objectID))") // Always `true`
                        }
                    }
            }
        }
    }
    
}
NSPersistentCloudKitContainer's canUpdateRecord always returns true.
 
 
Q