A role has three levels of permissions:
- Global permissions - apply globally without differentiating between assets (data objects, files) which might be "subjects" of an API invocation
- Asset container permissions - apply to a specific asset containers (data table, messaging channel, file directory, geo category)
- Asset permissions - apply to a specific data object or a file
To edit global permissions login to Backendless console, click the Users icon, and click Security and Restrictions. The bottom part of the interface shows a list of permissions. Click the role for which you need to edit the permission - console shows a global permission matrix. Each column represents a Backendless service. The cells in a column represent operations which belong to the corresponding service. Clicking the icon in a cell will change the permission between GRANT (green check mark) and DENY (red cross). When you click to make a change, the permission is modified and becomes effective immediately.
To edit asset container permissions, navigate to a screen in Backendless console which corresponds to the asset container. For example, for the permissions on data tables, click the Data icon. Every screen will have a permission button, which is always in red color and located in the upper right corner. Select the container for which you need to modify the permission. Click the Role Permissions menu item. The columns in the user interface represent operations, the rows contain roles. At the intersection of the roles and operations is a permission which applies to the role/operation. Clicking the icon in the intersection changes the permission. The only exception to the rule is the File Service - permissions for that one are managed at the directory level.
See the documentation on how to edit asset permissions.