Support Topics Documentation Slack YouTube Blog

API Advanced Object Retrieval API

Hi there I wonder if you can help me understand why my retrieval isn’t returning the records I expect?

I’m executing this API call :

and I believe I’m correctly passing a valid user-token in the header but I’m retrieving all records rather than the records associated to the user-token’s userID.

I’m passing a user-token for the user Graham but I’m getting all records including other users records.

This is a current valid token if you want to try it 895C1C2E-A908-4AEC-8FD0-8682A2BF6B9E

Hello @Graham_Reddie,

Passing user-token won’t select only the records associated to that user-token’s user.
You can setup permissions for the Person table to make that logic work or add the where clause with object’s ownerId to your request:


Thank you @olhadanylova

I’d prefer the database to have the inherent security applied. How do I configure that behavior on the security of the table?

Hello @Graham_Reddie

To get started, I would recommend that you read this documentation Security - Backendless SDK for JavaScript API Documentation
And if I understood your case correctly, then you can create a “user” role. Assign this role to your user ( and disable “find” in the table settings for this role
(you can do this in global settings the same way if you want this behavior for all tables In this case, the owner policy should be enabled.
If you make these settings, you will be able to use the query you originally used.


1 Like

@Inna_Shkolnaya thank you that worked perfectly.