In a Backendless backend the access to API operations and/or application data can be restricted. A restriction may apply either to specific users or to roles. When a restriction applies to a role, it automatically applies to the users in that role.
For example, suppose you have two roles in a job-searching application - employer and job-candidate. Each role will have a certain set of permissions, for instance an employer can see all the candidates who applied for a job.
Backendless supports two types of roles - system-defined and developer-defined roles. System roles automatically come with the backend, Backendless assigns them based on how user logs in or accesses the app.
For example, the AuthenticatedUser role is assigned to any users who successfully logs in.
The greatest flexibility in tuning security for an app comes in the form of developer-defined roles. A custom role can be assigned to users based on business rules of your app and have a completely unique set of permissions. These permission may restrict API operations and limit access to app data - data objects, files, geopoints and media streams.
To create a developer-defined role a developer should follow the next steps:
- Login to Backendless console, select an app and click the Users icon.
- Click the Security and Restrictions menu.
- Click the Add Role button In the Application Roles section.
- Enter the role name and click the Save button.
Once the role is created, you click the role name to see the global permission matrix (which is a feature on its own and will be discussed separately):
There are many way roles can be used and this feature-a-day series will be discussing them in detail.