If a new security predicate has been added but users can still see data they do not own, what must they do?

When a new security predicate is introduced to restrict data access, a user's session might not immediately reflect these changes due to how sessions are handled in most systems. Logging out and then logging back in effectively refreshes the user's access token and re-evaluates any permissions or predicates that have been modified.

By logging out, the system clears the existing user session and any cached permissions or settings that were active during that session. When the user logs back in, the system re-applies the latest security predicates, ensuring that the user only sees the data they are entitled to view based on the newest security rules. This process is necessary because changes to security settings often do not propagate until a new login initiates a new session.

In contrast, other options like refreshing the data view, syncing access settings manually, or clearing the browser cache do not guarantee that the latest security configurations will take effect. Simply refreshing or clearing the cache may not address the underlying session authentication issue that could still allow access to data outside of the user's permissions. Therefore, logging out and then back in is the most effective way to ensure the security updates are recognized by the user.