Best structure for db and security users in different teams

Hey Everyone,
Looking for some advice on how I should architect for the following.

I am looking to create an app that I guess you could look at as multi-tenanted.

So people would belong to a group and have a couple different permissions in that group. They should only see their group’s related information.

I am looking for the best way to structure this. A couple thoughts I have had are:

  1. Have a group table and there is a relationship to users in that group.
    Then also relate objects in all other database tables to the specific group that creates them. Not sure how complicated this would make it in terms of ensuring security is right?

  2. Have the group as a field in the user table and do a similar type of scenario.

  3. Something I have not thought of that would be a much better approach?

At the end of the day, need to be able to invite/add people to the group they are part of, so they can accept an invite without much hassle.
Need them to be able to log in and see the relevant items to their group and submit information.

Hope that gives enough info.

Hi, @Leon_Black

> Have a group table and there is a relationship to users in that group.
> Then also relate objects in all other database tables to the specific group that creates them. Not sure how complicated this would make it in terms of ensuring security is right?

For this case, you can create a custom role for each organization (group) and assign it to your users.
Then you can manage permissions on the role level.

Or another option for you - create a custom API key.

Please check this documentation about the Global Permissions and the Database Permissions API.
The permissions configuration depends on your needs and the app details.

Regards,
Marina

Thanks, I will play around with that. Hopefully can auto create the role in the builder so it's not a manual task.

Is there a way to create custom roles via the API?
I cannot seem to find an option in the cloud code.

Ideally if a custom role is the best way to go, I would like to have this auto create when a new group is required so it does not require manual intervention.

I feel just having it all using “where group =” type queries for the data could present a data risk of being able to get another group's data.

Hello @Leon_Black

Unfortunately we do not have an API to create a userRole. You can only create new roles in the Backendless Console.

Based on your case, how about creating a separate table with roles and assigning relations to new users. Then you can set up auto-creation of roles/groups.
To have some logic happen automatically after some actions, I recommend you check the event handlers section (Cloud Code). Maybe one of the handlers will work for you.

Regards,
Inna

Thanks for the idea. I will look into that further.
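
The worry about "where group =" queries and the suggestion of a separate roles/membership table, shown as an added example that is not part of the original thread and is not Backendless code. It uses plain Python and SQLite; every table, column and function name is an assumption, and the sample rows are constructed.

```python
import sqlite3

# Constructed schema and sample rows; all names are assumptions for illustration.
SCHEMA = """
CREATE TABLE groups(id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE);
CREATE TABLE memberships(user_id INTEGER REFERENCES users(id), group_id INTEGER REFERENCES groups(id),
    role TEXT CHECK (role IN ('admin', 'member')), PRIMARY KEY (user_id, group_id));
CREATE TABLE items(id INTEGER PRIMARY KEY, group_id INTEGER NOT NULL REFERENCES groups(id), body TEXT);
-- constructed sample data: two groups, one user in each
INSERT INTO groups VALUES (1, 'alpha'), (2, 'beta');
INSERT INTO users VALUES (10, 'ann@example.test'), (20, 'bob@example.test');
INSERT INTO memberships VALUES (10, 1, 'admin'), (20, 2, 'member');
INSERT INTO items VALUES (100, 1, 'alpha report'), (200, 2, 'beta report');
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def list_items_client_filter(db, requested_group_id):
    # Weak: the group id comes from the request, so any caller can name any group.
    return db.execute("SELECT id, body FROM items WHERE group_id = ? ORDER BY id",
                      (requested_group_id,)).fetchall()

def list_items(db, session_user_id):
    # Scoped: the group filter is derived from the caller's memberships, not from the request.
    return db.execute(
        "SELECT i.id, i.body FROM items i JOIN memberships m ON m.group_id = i.group_id "
        "WHERE m.user_id = ? ORDER BY i.id", (session_user_id,)).fetchall()

def role_in(db, user_id, group_id):
    row = db.execute("SELECT role FROM memberships WHERE user_id = ? AND group_id = ?",
                     (user_id, group_id)).fetchone()
    return row[0] if row else None

def submit_item(db, session_user_id, group_id, body):
    # Writes are checked against membership too, so rows cannot be planted in another group.
    if role_in(db, session_user_id, group_id) is None:
        raise PermissionError("caller is not a member of this group")
    return db.execute("INSERT INTO items(group_id, body) VALUES (?, ?)", (group_id, body)).lastrowid

def add_member(db, session_user_id, group_id, new_user_id):
    # Models the invite step: only an admin of that group may add a member.
    if role_in(db, session_user_id, group_id) != "admin":
        raise PermissionError("only a group admin can add members")
    db.execute("INSERT INTO memberships VALUES (?, ?, 'member')", (new_user_id, group_id))
```

Here `session_user_id` stands for the identity the server established at login; it is never a value taken from the request body.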