Found it, but don't know what to do about it. Here is what the DAL is spitting out:
SELECT auth_user.first_name, training_requirements.course_id FROM auth_user LEFT JOIN training_requirements ON (training_requirements.user_id = auth_user.id) WHERE (((training_requirements.course_id = 8) OR (training_requirements.course_id IS NULL)) AND (training_requirements.request_tenant = '1')); The tail end of the query should be like this: AND((training_requirements.request_tenant = '1') | (training_requirements.request_tenant IS NULL)) What I really want to do is check the auth_user entries against the request tenant. Training_requirements is just a link table and I don't really see a need to protect those records since the objects on both ends of the link get protection. I really don't want to start writing native SQL to work around this.
