Accessing Users Table - Limiting Other Users Access

Hi,

Can someone shred light on this Model.
scenario: Employer(s), employees, Orders
Employer-1, Employees should have access to the Users table and Employer would be adding employees to the list. similarly there might be number of employers. Employers and employees should be able to login.
  Question is:  a. How do we allow employer accessing his own employees. i saw we can use OwnerId, but does this restrict employees update their own details.?

b. How can i retrieve employees records depending on ownerid. looks like i cannot use Backendless.Persistence.of (Users).find() or using DataQuery on Users table.

c. Employees can write data to Order table, and that info should be able to read by that particular employee and his employer only and no one else.

For this i can come up separate column restricting access, and use relation but want to make sure i am doing write and not using inbuilt feature.

Can someone please take sometime and answer or direct me appropriate article… i am lost after reading couple of them.

Thanks in advance

a. How do we allow employer accessing his own employees. i saw we can use OwnerId, but does this restrict employees update their own details.?

I would enforce it through a relation. The “Employer” table would have a one-to-many relation to the Employee table. The “ownerId” is not applicable here.

b. How can i retrieve employees records depending on ownerid. looks like i cannot use Backendless.Persistence.of (Users).find() or using DataQuery on Users table.

I do not see how ownerId can be used here. Who is retrieving employees?

c. Employees can write data to Order table, and that info should be able to read by that particular employee and his employer only and no one else.

In this case ownerId may be applicable. Have you watched the “Backendless Security” webinar? It is available on the Backendless Webinars page. The recording of the webinar includes an overview of how ownerId works.