I have a few different scenarios where I am looking to use some logic like this, but will use the Search Scope as an example.
I am trying to create a scope called "My Site's Computers" where it will list all computers that match my Office Location. Using the following XPath filter does not work, but seems in theory close to what I want to accomplish:
/Computer[OfficeLocation=/Person[ObjectID='%LoginID%']/OfficeLocation]
Basically saying, return all computers whose location matches the location of the logged on user.
I would try to use the same logic when applying MPRs to allow permission to edit objects based on the same kind of concept, to say a person can edit all computer objects at their site. The goal of this would be to simplify the amount of rules/sets involved and not have to create a pair of them for every grouping of objects... I could get away with just one potentially.
Mostly it seems like this relationship can only be made by a property being equal to the loginID itself, but not a property of the loginID object. I found a thread listing the possible environment variables, but again loginID was the only relevant one.