API Advanced Object Retrieval API

Hi there, I wonder if you can help me understand why my retrieval isn’t returning the records I expect?

I’m executing this API call:

https://api.backendless.com/7A19C773-699A-AC1C-FFE7-693920E7A200/9A475034-906E-48C8-877B-0DD46236BA4C/data/Person?pageSize=50&sortBy=updated%20desc

and I believe I’m correctly passing a valid user-token in the header but I’m retrieving all records rather than the records associated to the user-token’s userID.

I’m passing a user-token for the user Graham, but I’m getting all records, including other users’ records.

This is a current valid token if you want to try it 895C1C2E-A908-4AEC-8FD0-8682A2BF6B9E

Hello @Graham_Reddie,

Passing user-token won’t select only the records associated to that user-token’s user.
You can set up permissions for the Person table to make that logic work, or add the where clause with the object’s ownerId to your request:

https://api.backendless.com/7A19C773-699A-AC1C-FFE7-693920E7A200/9A475034-906E-48C8-877B-0DD46236BA4C/data/Person?pageSize=50&sortBy=updated%20desc&where=ownerId%3D%27OWNER_ID%27

Regards,
Olha

Thank you @olhadanylova

I’d prefer the database to have the inherent security applied. How do I configure that behavior on the security of the table?

Hello @Graham_Reddie

To get started, I would recommend that you read this documentation: Security - Backendless SDK for JavaScript API Documentation
And if I understood your case correctly, then you can create a “user” role. Assign this role to your user (https://monosnap.com/direct/emg666GNTETCSKj5dfRumvRLMTT1fm) and disable “find” in the table settings for this role https://monosnap.com/direct/1Cxnp0DoLYFGqtlhmmkyIKefjAGBzt
(you can do this in global settings the same way if you want this behavior for all tables https://monosnap.com/direct/TskY9Nu0MFibusOk1axJFM6PgVjpZl). In this case, the owner policy should be enabled.
If you make these settings, you will be able to use the query you originally used.

Regards,
Inna


@Inna_Shkolnaya thank you that worked perfectly.
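A way to confirm the outcome of this thread, added here as an example and not code from Backendless or from the posters: it builds the Person query with or without the `ownerId` where clause and flags any returned record that belongs to someone other than the token's user, which is what the response looked like before the owner policy was configured. It assumes the response is a JSON array of objects carrying `objectId` and `ownerId`; the function names, the `rest_key` parameter name, the id pattern and the sample records are constructed for illustration.

```python
import json
import re
import urllib.request
from urllib.parse import quote

API_HOST = "https://api.backendless.com"
# Assumption: ids have the hex-and-hyphen shape of the ids shown in the thread.
ID_RE = re.compile(r"[0-9A-Fa-f-]{1,64}")


def person_url(app_id, rest_key, owner_id=None, page_size=50):
    """Build the thread's Person query; owner_id adds the ownerId where clause."""
    url = (f"{API_HOST}/{app_id}/{rest_key}/data/Person"
           f"?pageSize={page_size}&sortBy={quote('updated desc')}")
    if owner_id is not None:
        # Refuse anything that could break out of the quoted literal.
        if not ID_RE.fullmatch(owner_id):
            raise ValueError("owner_id is not a plain id")
        url += "&where=" + quote(f"ownerId='{owner_id}'", safe="")
    return url


def fetch(url, user_token):
    """GET the query with the user-token header (needs network; not called here)."""
    req = urllib.request.Request(url, headers={"user-token": user_token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def foreign_records(records, expected_owner_id):
    """Return objectIds of records whose ownerId is not the expected user."""
    return [r.get("objectId") for r in records
            if r.get("ownerId") != expected_owner_id]


# Constructed sample data, not real Backendless output.
GRAHAM = "AAAAAAAA-0000-0000-0000-000000000001"
OTHER = "BBBBBBBB-0000-0000-0000-000000000002"
BEFORE = [{"objectId": "P1", "ownerId": GRAHAM},   # no owner policy yet
          {"objectId": "P2", "ownerId": OTHER},
          {"objectId": "P3", "ownerId": None}]
AFTER = [{"objectId": "P1", "ownerId": GRAHAM}]    # owner policy enforced

if __name__ == "__main__":
    print(person_url("APP_ID", "REST_KEY", GRAHAM))
    print("before:", foreign_records(BEFORE, GRAHAM))
    print("after: ", foreign_records(AFTER, GRAHAM))
```

Run the check against the original query without the where clause: an empty result there shows the restriction is applied by the table permissions rather than by a filter the client chose to send.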