Backendless Support
 
Solved

permissions in file changed?

my shared cloud app 1B92F985-D9EF-9689-FFAC-C7E5FE5F2A00.

I noted that something in file access is changed.

I have file folders structure like Root->images->company->companyId->image files.

And I have set permission to read for Unathenticated user role in Company folder. That way when I opened url from subfolder, like

https://api.backendless.com/1B92F985-D9EF-9689-FFAC-C7E5FE5F2A00/89651195-8F42-6642-FF3B-409EE4954B00/files/images/company/64FB0167-FA62-C8F1-FFFF-203C76A6B500/1509364309511_shuresm48.jpg

it opened just fine. Until recently, few days ago I noted that now it gives error

{"code":4000,"message":"User has no permissions for specified resource","errorData":{}}only when I set permission to read on file itself it was allowed to read. So, why it's changed?

Leave a Comment

Comments (3)

photo
1

HI, Yuriy.

Try to set Grant permission for RestUser role for 'company' folder.

RestUser, IOSUser, ServerCodeUser and so on are so called dynamic roles. And they have the same priority as other system roles, but Deny permission overlaps Grant permission on the same level.

So, for a fine grained access configuration you'll need to combine ordinary System permissions (or custom) with dynamic permissions.

photo
1

Yup, that helped, thanks! But why it was working fine before? I don't have Deny permission on same level (only deny I have is general for role that was set in user settings)

photo
1

We found that you had "Deny" permission for RestUser role. And as stated in the documentation:

  1. If any of the [system] roles which the user belongs to deny access, the operation is rejected and no data is returned.

The fact that it worked the other way before was actually a bug. Generally, you should always stick to the docs as to the source of absolute truth.

photo