Backendless Support
 
Answered

Setting public and private access for objects

Dear support,

I'm a little bit confused by the security layers. Please help me.

I need to set up the following restrictions on a table:

1. Objects that have no defined ownerId - created manually by the admin (public objects) - should be able to be retrieved by any authenticated user.

2. An object that has a defined ownerId can be retrieved only by the owner.

3. Is it possible to retrieve both the public and the private objects in a single step (on Android)?

How do I set up such security logic?

Thanks.

Hi Alex,

It should be possible. Here's what I would try to do:

  1. Disable the "Find" operation for the NotAuthenticatedUser and AuthenticatedUser roles for the table in question.
  2. Create a role which will have to be assigned to all authenticated users; let's call that role "RegisteredUser".
  3. Grant explicit permission for the "Find" operation for your table to the "RegisteredUser" role.

Give it a try and let us know if that works as you'd like.

Regards,

Mark

Hello Mark,

I did everything as you wrote.

It doesn't do what I want.

I'm testing with the following table, which has three objects.

One has the ownerId of the user who is logged in, the second has another ownerId, and the third has no ownerId.

When I load the table asynchronously, I get all three objects.

It is not exactly what I wanted.

What I expected to get was the object with my ownerId, and the one which doesn't have the ownerId.

Alex.

Hi Alex,

Let me play with it some more and I will let you know.

Regards,

Mark

Hi Mark,

Did you find a solution for my question?

Regards,

Alex.

Hi Alex,

Yes, I did. I recorded a video describing the solution. You can see it at the link below:

https://monosnap.com/file/RTyU4VsRdpq0J4yuneeBLQVWf8ugMu

Regards,

Mark

Mark,

Thank you very much, it worked!

Regards,

Alex.
