Hi there, I wonder if you can help me understand why my retrieval isn’t returning the records I expect?
I’m executing this API call:
https://api.backendless.com/7A19C773-699A-AC1C-FFE7-693920E7A200/9A475034-906E-48C8-877B-0DD46236BA4C/data/Person?pageSize=50&sortBy=updated%20desc
and I believe I’m correctly passing a valid user-token in the header but I’m retrieving all records rather than the records associated to the user-token’s userID.
I’m passing a user-token for the user Graham but I’m getting all records, including other users’ records.
This is a current valid token if you want to try it: 895C1C2E-A908-4AEC-8FD0-8682A2BF6B9E
Hello @Graham_Reddie,
Passing user-token won’t select only the records associated to that user-token’s user.
You can set up permissions for the Person table to make that logic work, or add the where clause with the object’s ownerId to your request:
https://api.backendless.com/7A19C773-699A-AC1C-FFE7-693920E7A200/9A475034-906E-48C8-877B-0DD46236BA4C/data/Person?pageSize=50&sortBy=updated%20desc&where=ownerId%3D%27OWNER_ID%27
Regards,
Olha
Thank you @olhadanylova
I’d prefer the database to have the inherent security applied. How do I configure that behavior on the security of the table?
Hello @Graham_Reddie
To get started, I would recommend that you read this documentation: Security - Backendless SDK for JavaScript API Documentation
And if I understood your case correctly, then you can create a “user” role. Assign this role to your user (https://monosnap.com/direct/emg666GNTETCSKj5dfRumvRLMTT1fm) and disable “find” in the table settings for this role https://monosnap.com/direct/1Cxnp0DoLYFGqtlhmmkyIKefjAGBzt
(you can do this in global settings the same way if you want this behavior for all tables https://monosnap.com/direct/TskY9Nu0MFibusOk1axJFM6PgVjpZl). In this case, the owner policy should be enabled.
If you make these settings, you will be able to use the query you originally used.
Regards,
Inna
@Inna_Shkolnaya thank you, that worked perfectly.
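The two options discussed in this thread, as an added example that is not part of any post and is not Backendless code: `buildOwnerQuery` builds the client-side `where=ownerId=...` filter, and `ownerPolicyEnforced` is a regression check that the original unfiltered query returns only the caller's records once the owner policy is configured. The function names, the `APP_ID`/`REST_API_KEY` placeholders, the UUID-style format check and the sample records are assumptions constructed for illustration.

```javascript
// Added example; all IDs and records below are constructed placeholders.
const BASE = "https://api.backendless.com/APP_ID/REST_API_KEY/data/Person";

// Assumption: ownerId values are UUID-style, like the IDs shown in the thread.
const OWNER_ID_RE = /^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$/;

// encodeURIComponent leaves ' unescaped; encode it too, as in the thread's URL.
const enc = (s) => encodeURIComponent(s).replace(/'/g, "%27");

// Client-side filter: only a convenience, since any caller can drop the clause.
function buildOwnerQuery(ownerId) {
  if (!OWNER_ID_RE.test(ownerId)) {
    throw new Error("ownerId not in expected format; refusing to build where clause");
  }
  const where = `ownerId='${ownerId}'`;
  return `${BASE}?pageSize=50&sortBy=${enc("updated desc")}&where=${enc(where)}`;
}

// objectIds of records in a response that do not belong to the caller.
// A record with a missing ownerId is treated as foreign.
function foreignRecords(records, expectedOwnerId) {
  return records
    .filter((r) => r.ownerId !== expectedOwnerId)
    .map((r) => r.objectId);
}

// Server-side check: run the unfiltered query with the user's token and
// confirm the table permissions, not the client, limited the result.
function ownerPolicyEnforced(records, expectedOwnerId) {
  return foreignRecords(records, expectedOwnerId).length === 0;
}

// Constructed sample responses: before and after the permission change.
const GRAHAM = "11111111-2222-3333-4444-555555555555";
const OTHER = "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE";
const BEFORE = [
  { objectId: "rec-1", ownerId: GRAHAM },
  { objectId: "rec-2", ownerId: OTHER },
  { objectId: "rec-3", ownerId: null },
];
const AFTER = [{ objectId: "rec-1", ownerId: GRAHAM }];

console.log(buildOwnerQuery(GRAHAM));
console.log("before:", foreignRecords(BEFORE, GRAHAM), "after ok:", ownerPolicyEnforced(AFTER, GRAHAM));
```

Running the ownership check against the unfiltered query is the useful test here: a passing result with the `where` clause present says nothing about whether the table permissions are enforced.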