Missing insert permission

Hello, when trying to add a document to a collection over a realm function (Application Authentication) I get following error:

role “owner” in “myApp.Query” does not have insert permission: cannot use ‘user1Id’ in expression; only %% like expansions and top-level operators may be used as top-level fields

My rule looks like this (I insert something into this collection with either user1Id or user2Id being set):

"Query": [
        "name": "owner",
        "applyWhen": {},
        "read": false,
        "write": {
          "$or": [
              "user1Id": "%%user.id"
              "user2Id": "%%user.id"