I just started with backendless. Created first tables. I was surprised to see the by default all routes are allowed for all users?
unauthenticated user could already to every method on the API.
From other REST solutions I looked at so far (e.g. feathersjs, strapi) all routes are by default disables and must be enabled.
On global permissions, everything is allowed per default and it looks like the checkmarks have to be set individually for every role?!
Am I missing something?