Every data objects saved in Backendless obtains its own access control list (ACL).
Object's ACL includes permissions for users and roles for all Data Service operations.
Using ACL an application may be configured to allow users (and/or roles they belong to) to be able to execute Data Service API calls.
For example, in a shopping app you may have the Customer and SupportRep roles. Users in the Customer role may have the permission to create and update objects in the Incident table, but they don't have an opportunity to delete them. At the same time, a user in the SupportRep role may have the permission to delete those objects.
Object ACL configuration can be accomplished via API or Backendless console.
This topic reviews the case of Console usage.
In order to get to the ACL screen for a specific object a developer should follow the next steps:
- Login to Backendless console, select an app and click the Data icon.
- Select the table to get to the data object you need to modify the ACL of.
Click the "key" icon in the ACL column:
5. Adjust the permissions for the roles and/or users as it fits an app. A permission can be adjusted by clicking an icon at the intersection of a row representing user or role and a column which represents an operation.
For example, the screenshot below restricts access to an object for any not-authenticated user and does not allow users in the Customer role to delete the object: