Database permissinos

Hei. The issue is that I have a timer that will create a new entity in a table. But I get an error “User has no permission to create an entity”. Consider that the “ServerCodeUser” has permission to create on this table. Can you refer me to documentation where all role permissions are described?

APP_ID : 1B92F985-D9EF-9689-FFAC-C7E5FE5F2A00.

Hi @mohamad-mohamad-jamil, I just tried a curl request using the CodeRunner API Key, which translates to the ServerCodeUser being used on the server and was able to register the user without any problems. Here’s the request I used:

curl -H Content-Type:application/json -X POST -d '{"email":"mark1@backendless.com", "password":"anyDummyPassword"}' https://api.backendless.com/1B92F985-D9EF-9689-FFAC-C7E5FE5F2A00/CODERUNNER-API-KEY-HERE/users/register

How do you register users in your timer?

Regards,
Mark

Hi @mark-piller. Actually I do not register users in my timer. Can you give me more details how to do that.? Or you can just refer me to a documentation about this.
So the timer simply creates new entities in tables under certain conditions.
This worked fin before. But when I created a new table that should be effected by that timer I got this error. And yet I think I need to do this registration stuff Because I miss the “owner_id” value when I save an entity . I assume that the reason is that I do not login users in the server code. We now developing our app. So some business logic is still not build well.

Hello Mohamad,

Here is a document describing all the security in Backendless in details: Security - Backendless REST API Documentation

My assumption is that a request you send gets assigned some additional role with denied permissions, e.g. AuthenticatedUser. The document above mentions that for Role ACL the permission should be GRANT for all the roles the request has.
Note that if the request is issued from Business Logic without an authenticated user, the NotAuthenticatedRole won’t be assigned, and the request will have only ServerCodeUser role, here’s an excerpt from the doc above:

An exception to this rule are API calls from business logic. In that case, if there is no authenticated user in the context of the call, Backendless assigns only ServerCodeUser role. The NotAuthenticatedUser role is not assigned and thus is not checked.

This makes it possible to do some “admin” requests to your backend.

@sergey-chupov. I think I need to do more investigation. Will be back soon.

@sergey-chupov Some thing I can not understand. So let me describe you the problem with more details. I have a timer called “suppliersFinderUrgentTimer” which suppose to save entities to table “r2_negotiations_supplier”. When I run the timer so everything works fine. But when I try to include also saving to another table “current_rms_opportunities” using the same timer I get the error “User has no permission to create an entity”. Consider that the “current_rms_opportunities” table has “ServerCodeUser” permission enabled.

It’s hard to say for sure, I see your timer has a lot of logic besides just saving.
To better identify the problem, I’d advise to create a new test timer, which would do exactly one thing: save something to either r2_negotiations_supplier table or current_rms_opportunities table. If that simple timer would show different behavior depending solely on a target table, we could continue the investigation. For now, there’s just too many moving parts.

@sergey-chupov. So I modified the “suppliersFinderUrgentTimer” now. And this call the method “saveCrmsOpportunity” this method will save data in “r2_negotiations_supplier” and “current_rms_opportunity”, When I save data to only “r2_negotiations_supplier” then it works fine. But when I try to save data to “current_rms_opportunity” I get the error “User has no permission to create an entity”. Maybe it is something with the table to do :thinking:

Can you paste the full code of your suppliersFinderUrgentTimer timer here? The discussion will be much more productive as soon as we see the exact code running.

Maybe it is something with the table to do

Everything is possible, though I glanced through the role permissions and didn’t find any differences between those two tables you mentioned.

/* suppliersFinderUrgentTimer.js*/
var sf =require(’…/handlers/custom-events/myCustomEvent.js’)

Backendless.ServerCode.addTimer({

name: 'suppliersFinderUrgentTimer',
startDate: new Date().getTime() + 100,

//run every hour
frequency: {
    schedule: 'custom',
    repeat: {'every':60}
},

/**
* @param {Object} req
* @param {String} req.context Application Version Id
*/
execute(req){

console.log("suppliersFinderUrgentTimer req : "+JSON.stringify(req))

return sf.run()
.then(res=>{
  console.log("suppliersFinderUrgentTimer res : "+JSON.stringify(res))
  return Promise.resolve({"res":res})
})
.catch(err=>{
  console.log("suppliersFinderUrgentTimer err : "+JSON.stringify(err))
  return Promise.reject({"suppliersFinderUrgentTimer err":JSON.stringify(err)})
})
}

})

/myCustomEvent.js/
var timestamp = (new Date()).getTime();
function saveCrmsOpportunity(){
console.log(timestamp + “saveCrmsOpportunity started”)
var o = {
“charge_total”:“test data”,
}
var neg = {
“id3rdPartySoftware”:“test data”,
}
return Backendless.Data.of(‘current_rms_opportunity’).save(o)
// return Backendless.Data.of(‘r2_negotiations_supplier’).save(neg)

    .then(res=>{
        console.log(timestamp + "saveCrmsOpportunity res : "+ JSON.stringify(res))
        return Promise.resolve({"message":"correntRMS oppportunity was created"})
    }).catch(err=>{
        console.log(timestamp + "saveCrmsOpportunity err : "+ JSON.stringify(err))
        return Promise.reject({"message":"correntRMS oppportunity was not created"})
    })

}

module.exports = {
run:saveCrmsOpportunity
}

@sergey-chupov. I use these to files to test.

It is totally not clear what is the connection between the timer code and the second file you sent /myCustomEvent.js/. I see there’s a function saveCrmsOpportunity(), but I don’t see any call to it here.

Ok, let me do it in another way. will update it soon.

@sergey-chupov.
Backendless.ServerCode.addTimer({

name: 'suppliersFinderUrgentTimer',
startDate: new Date().getTime() + 100,

//run every hour
frequency: {
    schedule: 'custom',
    repeat: {'every':60}
},

/**
* @param {Object} req
* @param {String} req.context Application Version Id
*/
execute(req){
    var o = {
        "charge_total":"test data",
    }
var neg = {
        "id3rdPartySoftware":"test data",
    }

console.log("suppliersFinderUrgentTimer req : "+JSON.stringify(req))

// return Backendless.Data.of(‘current_rms_opportunity’).save(o)
return Backendless.Data.of(‘r2_negotiations_supplier’).save(neg)
.then(res=>{
console.log("suppliersFinderUrgentTimer res : "+JSON.stringify(res))
return Promise.resolve({“res”:res})
})
.catch(err=>{
console.log("suppliersFinderUrgentTimer err : "+JSON.stringify(err))
return Promise.reject({“suppliersFinderUrgentTimer err”:JSON.stringify(err)})
})
}
})

Can I run this timer in your console? It is disabled currently, I’ll need to enable it to run on-demand.

yes you can do that.

Are you sure this new timer code is deployed? I’m seeing an error in the log, but it’s Error: [object Object] instead of what you have in error logs here.

Yes I’m sure that it is deployed.

OK, I see the correct logs now. Can I redeploy the timer through the Coding section on Console? It will redeploy the whole model as far as I’m concerned.