  1. Jira Service Management Data Center
  2. JSDSERVER-12782

Assets - Regression bug: Editing an object may clear attribute values the User is not allowed to see

    • 1
    • Severity 2 - Major
    • Data will be deleted without the user knowing!

      Issue Summary

      This is reproducible on Data Center: (yes)

      Regression of the fix of JSDSERVER-10954. Actually, this is not a regression but an edge case of the previous bug, applicable to the Note at the bottom of the description.

      User A has Developer access to edit object type OTA.

      OTA has a reference to OTB, which User A does not have permissions to see.

      User A can edit an object of OTA without seeing the attribute that references OTB, even though that attribute is populated with values. Once the OTA object is updated, the attribute containing the OTB object is cleared of all values, as User A does not have permission to see them. Hence, data is lost without the user's awareness.

      Steps to Reproduce

      1. Log in as Admin
      2. Create an Object Type - A, with an Object Attribute Type (Reference) to reference Object Type B
      3. Create an Object A1 referencing Object B1
      4. Grant Manager permission to User X on Object Type A.
      5. Make sure User X does not have any Permission on Object Type B - so the Attribute in (2) is not visible to User X
      6. Log in as User X, note that you can see Object A1, but you do not see the Attribute containing Object B1
      7. Edit the object A1
      8. Save with/without making any changes
      9. Log in as the Admin again, and inspect the object

      Expected Results

      The object was not edited - the reference to B1 is still there

      Actual Results

      The object was edited - the reference to B1 is no longer there

      ...
      

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

      NOTE:
      Another affected Use case:
      The reference from OTA is to OTB including Children.
      So, A1 has a reference to a few objects in different Child object types:
      OTB_Child_1

      OTB_Child_2

      User X does not have permission to OTB_Child_1,

      so editing A1 and saving will remove the references to OTB_Child_1 but will keep OTB_Child_2 ...
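
The behaviour described above can be modelled as follows. This is an added example, not code from the ticket or from Jira Service Management: it assumes the save path writes the permission-filtered edit form back over the stored attribute, and every name and value in it (`can_view`, `filtered_view`, `save_overwrite`, `save_preserving`, the `PERMS` table) is hypothetical. It shows the reported result next to a save that keeps values the editor cannot see.

```python
# Added illustration: a toy model, not Jira Service Management / Assets code.
# All names (can_view, filtered_view, save_*) and the data are hypothetical.

# Constructed sample data: A1 references objects of two child types of OTB.
OBJECT_TYPE = {"B1": "OTB_Child_1", "B2": "OTB_Child_2"}
PERMS = {
    "admin": {"OTB_Child_1", "OTB_Child_2"},
    "user_x": {"OTB_Child_2"},   # the NOTE case: one child type hidden
    "user_a": set(),             # the main case: no permission on OTB at all
}


def can_view(user, ref):
    return OBJECT_TYPE[ref] in PERMS[user]


def filtered_view(user, stored):
    """What the edit form shows: only the references this user may see."""
    return {attr: [r for r in refs if can_view(user, r)]
            for attr, refs in stored.items()}


def save_overwrite(user, stored, submitted):
    """Assumed cause of the reported result: the form replaces stored values."""
    return {attr: list(submitted.get(attr, [])) for attr in stored}


def save_preserving(user, stored, submitted):
    """Expected result: hidden values survive; only visible ones can change."""
    result = {}
    for attr, refs in stored.items():
        new = submitted.get(attr, [])
        kept = [r for r in refs if not can_view(user, r) or r in new]
        added = [r for r in new if can_view(user, r) and r not in refs]
        result[attr] = kept + added
    return result


def edit_without_changes(user, stored, save):
    """Steps 6-8 of the report: open the edit form and save it untouched."""
    return save(user, stored, filtered_view(user, stored))


if __name__ == "__main__":
    a1 = {"ref_to_OTB": ["B1", "B2"]}
    for user in ("admin", "user_x", "user_a"):
        print(user, edit_without_changes(user, a1, save_overwrite),
              edit_without_changes(user, a1, save_preserving))
```

A check of this shape (save untouched as a restricted user, then compare as Admin) also works as a regression test for step 9 of the reproduction.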

              Arslan Qamar (Inactive)
              Yinon Negev