auth_totp wizard access rules 1 1 1 1 Users can only access their own wizard [('user_id', '=', user.id)] Public users can't interact with keys at all [(0, '=', 1)] Users can read and delete their own keys [('user_id', '=', user.id)] Administrators can view user keys to revoke them [(1, '=', 1)]