So just to be clear, in order for the user to be able to only view & edit their data table 1 has to contain their email address?

It seems that table 3 is just a ‘form’ based on table 1? Why not eliminate table 3 and just give access to table 1 directly via the standard form interface?
Is there a reason why table 2 stores the email along with a reference to table 1 instead of just including an email field in table 1 and only have one table?
You should technically be able to create a security filter in table 1 based on the INTERSECT() expression between table 1 and table 2, but again I’m wondering about the need of table 2 if you could just create a column in table 1 UserEmail with initial value of USEREMAIL() and then apply a security filter only to table 1.

My goal is to extract certain information from a data source and have it automatically update a file in which the app would read (Table 1). Then I need a place to store any edits (Table 3) since Table 1 would be written over as the data is updated. I created Table 2 (since Table 1 does not contain the email) in hopes to provide a way to have the security filter since I want a manager that has access to all information and then users that will be able to access and change only their information.