If possible, the role should be set to employee when the domain is xyz.com
When I read about the roles in the documentation it refers to the old pricing concept I believe
If your app is on a Private Plan, you can assign roles to the users in your [User Profiles] table.
I wonder how this works with the new pricing concept?
It could be great if logic applied on user profiles table could open up for rows owned by a certain role - in the example above if you have the xyz.com domain then you get the role employee and then the rows in the table with private images are made available to use.
I’m not sure it still works with the new plan, but this is the way to whitelist a domain in the old pricing scheme.
For your case though, would it be possible to set a role as the domain (using some backend manipulation to have the domain as a basic column) in both the users sheet and the images sheet? I would assume that would do the trick.