Data Service Object Security

I have an architecture that is similar to the following:

Organizations have one to many users
Organizations have one to many requests

my users are apart of an organization I want them to be able to see all
of that organization’s requests in the database with the only
requirement being that the request belongs to that organization. How
should I go about doing this with Backendless? Is there a way to use an
ACL on the requests table to say any authenticated user who belongs to
organization X? Do I need to build a custom role for each organization?
Should I just use a REST parameter for the search with some custom
business logic before or after the CRUD operation? I am new to
Backendless and there seems to be a lot a different ways to do things.
Normally if I was creating the API I would have the API filter results
based on the requesting users organization Id on the server before I
sent it back to the client, but I’m not sure if/how to do that in
Backendless since I’m pretty new to the platform. Apologize if this has
been asked before.


Hi Jarred,

Have you looked into the documentation on permissions?

Thanks for the reply. I’ve since moved on from Backendless to Open Source Parse Server.