API Advanced Object Retrieval API

Hi there I wonder if you can help me understand why my retrieval isn’t returning the records I expect?

I’m executing this API call :


and I believe I’m correctly passing a valid user-token in the header but I’m retrieving all records rather than the records associated to the user-token’s userID.

I’m passing a user-token for the user Graham but I’m getting all records including other users records.

This is a current valid token if you want to try it 895C1C2E-A908-4AEC-8FD0-8682A2BF6B9E

Hello @Graham_Reddie,

Passing user-token won’t select only the records associated to that user-token’s user.
You can setup permissions for the Person table to make that logic work or add the where clause with object’s ownerId to your request:



Thank you @olhadanylova

I’d prefer the database to have the inherent security applied. How do I configure that behavior on the security of the table?

Hello @Graham_Reddie

To get started, I would recommend that you read this documentation Security - Backendless SDK for JavaScript API Documentation
And if I understood your case correctly, then you can create a “user” role. Assign this role to your user (https://monosnap.com/direct/emg666GNTETCSKj5dfRumvRLMTT1fm) and disable “find” in the table settings for this role https://monosnap.com/direct/1Cxnp0DoLYFGqtlhmmkyIKefjAGBzt
(you can do this in global settings the same way if you want this behavior for all tables https://monosnap.com/direct/TskY9Nu0MFibusOk1axJFM6PgVjpZl). In this case, the owner policy should be enabled.
If you make these settings, you will be able to use the query you originally used.


1 Like

@Inna_Shkolnaya thank you that worked perfectly.