limited access to table rows

I need to filter rows based on user and/or role

If the user has permission to read the table, there is no way to ensure the confidentiality of records of other users without using server-side code.

Distributing records of one class to different tables is not an option; it will lead to unnecessary complication of logic.

Is there a possibility to create a function on the server side? An analog of an SQL view.

Hi,

Could you please clarify what you mean by “ensuring the confidentiality of records of other users” ?

Thanks,
Mark

For example, something like a repository client application scenario. On a plan, you can have private and public options, and user profiles are the same type of attitude structure.

expected that the project will provide free access to a basic set of functionality and advanced features for registered users

in any case there is a need to ensure the privacy of the data

At the moment I do not see any possible architecture without a layer of server-side code. As I understand the API, if the user has access to the table at all, no opportunity to deny access to parts of records exists.

tell me if I missed something?

Do you have a similar mechanism described here https://parse.com/docs/data#security-objects

described by reference, the security model I probably would have walked

your project involves pricing. however, if there are not yet available comparable features, maybe I will have to try to create a prototype of the application at the parse.com ))

At the present moment we do not have object-level security. This is something we are planning to add.

As for “your project involves pricing”, my understanding is parse is not entirely free either. There are many differences and unlimited API calls with us is one of them.

Regards,
Mark

Russian saying: eon live - eon learn

Today I was shocked efficiency ligament asp dynamic data and sql ce

including such a bunch of takes all the issues with the cost of hosting

and even more so with the cost of development )))

Actually, my question was aiming at the very same thing: http://support.backendless.com/responses/can-you-set-security-settings-on-a-per-object-basis

Glad to hear you’re planning on adding this.

Hi!
I wonder if the functionality has been implemented yet.
I have a table with multiple orders, and for obvious reasons I want a user to be able to see only his own orders, not other customers’ orders.

Cheers!

Nicolas

Hi Nicolas,

Yes, this is implemented. It is easy to configure a table for that. Here’s what you should do:

1. Login to console and select your app.
2. Click Data, select the table for which you want to restrict access and click "Table Schema and Permissions" in the upper right corner.
3. Click "Roles Permissions" and deny (red X) the Find operation for the "AuthenticatedUser" role.
4. Click the "Owner Policy" and grant (green checkmark) the Find operation.

Now when a user does any kind of find() operation, he will get only his own records.

Regards,
Mark
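
A simplified model of the configuration described in the answer above, added here as an illustration and not Backendless code or part of the original thread. The names `Order`, `owner_id`, `allowed`, `find` and `find_by_id`, and the rule that an owner-policy entry decides for the caller's own rows, are assumptions of this sketch.

```python
from dataclasses import dataclass

GRANT, DENY = "grant", "deny"

@dataclass(frozen=True)
class Order:
    object_id: str
    owner_id: str   # assumed: the user who created the row
    total: float

# Constructed sample rows.
ORDERS = [Order("o1", "alice", 12.5), Order("o2", "bob", 30.0),
          Order("o3", "alice", 7.0)]

# The two settings from the steps above.
HARDENED = {"roles": {"AuthenticatedUser": {"Find": DENY}},
            "owner": {"Find": GRANT}}
# Same owner policy, but the role-level Find was never denied.
ROLE_GRANT_LEFT = {"roles": {"AuthenticatedUser": {"Find": GRANT}},
                   "owner": {"Find": GRANT}}

def allowed(op, user, roles, row, perms):
    """Model rule (assumed): an owner-policy entry decides for the caller's
    own rows; otherwise any role DENY wins, and no GRANT means no access."""
    if row.owner_id == user and op in perms["owner"]:
        return perms["owner"][op] == GRANT
    decisions = {perms["roles"].get(r, {}).get(op) for r in roles}
    return DENY not in decisions and GRANT in decisions

def find(user, roles, perms, rows=ORDERS):
    """Object ids of the rows a find() by this caller would return."""
    return [r.object_id for r in rows if allowed("Find", user, roles, r, perms)]

def find_by_id(object_id, user, roles, perms, rows=ORDERS):
    """A direct lookup has to pass the same check as a listing."""
    for r in rows:
        if r.object_id == object_id and allowed("Find", user, roles, r, perms):
            return r
    return None

if __name__ == "__main__":
    role = ["AuthenticatedUser"]
    print(find("alice", role, HARDENED))
    print(find("alice", role, ROLE_GRANT_LEFT))
    print(find_by_id("o2", "alice", role, HARDENED))
```

With the role-level Find left granted, the owner policy alone restricts nothing in this model; signing in as a second user and confirming the first user's rows are absent is the check to run against a real table after configuring it.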

Hi Mark,

I find myself at a crossroads and I wonder if you could provide any advice.

Due to my application requirements I need to have foreign keys and unique constraints on my tables, but I also need to have row-level security.

I cannot have the first with the Backendless database system, but due to the way Backendless connects to the external database (admin user), I can only have the second with the Backendless database system. Problem being I need to have these 2 features on the same tables…

I can only think of doing this by using custom business logic (filtering returned results) for the second feature and an external database, which seems the fastest option in terms of programming. Nevertheless, I wonder how much this process of filtering the results for each request can slow down the performance of my app given your server’s capacity and speed.

I hope you can shed some light on this matter, thanks for your time.

Nicolas.

Hi Nicolas,

I am sorry for turning this around back to you, but it would be very helpful for me to understand your requirements for having foreign keys and unique constraints on a table. Any chance you could describe them to me from the application’s perspective (that is, not from the data design, but what should happen in the app that calls for these features)? My thinking is once I know the reasons you think you need these, I could offer a solution for you.

Regards,
Mark

Hi Mark,

Thanks for the quick response and sorry for the late answer. The best way to describe the app is as a restaurant delivery like. The same logic applies. Restaurants have menus, users access those menus and make orders, those orders have to be paid and that information also needs to be stored. Thus in order to avoid inconsistencies in the DB every order should have a FK to the user, to the payment made and to the restaurant involved, this guarantees a consistent state in the data. In the same way restaurants have different outlets, each outlet should have a FK to a restaurant chain and to the delivery company. The case for uniqueness is made by the payment’s ID and product’s SKU.

I understand these features can be achieved by implementing custom business logic. But given the fact that these can be done by the DB engine quite efficiently I’d really rather not slow down my system by implementing these features.

Best regards,

Nicolas

Hi Nicolas,

Thank you for describing the scenario. There is nothing you mentioned that would not be possible in Backendless the way it is right now and without any extra complexity to enforce uniqueness and constraints with custom business logic. The structure of restaurants and menus is more or less static (it would be up to the admin to make changes to these data sets). Customers and orders are dynamic and can easily be linked to the relevant entities when they are saved or updated and likewise unlinked when they are deleted (if needed). Perhaps if you could describe a specific scenario that seems questionable with Backendless, it would make it easier for me to understand your concern.

Regards,
Mark

Nicolas,

I am not sure if you know about it - I write a daily post about a feature in Backendless at: Feature-a-Day Category | Backendless

I’d like to use your scenario as the basis for my future posts about Data Service capabilities. Here’s a class diagram I put together which I plan to use as the design for the relevant posts.

http://support.backendless.com/public/attachments/12fb241bbfc609c4c96e3906948fc683.jpeg

Cheers,
Mark

Hi Mark,

My only concern is when the app reaches a peak number of requests, let’s say 10 reqs/sec. I wonder if the execution of the custom business logic code could mean anything in terms of the response time to the mobile clients.

PS. The diagram looks great. I was gonna post my database diagram for your use but I realized it is in Spanish and I would have to translate it. Nevertheless, thank you for your assistance and I’ll be keeping an eye on your daily posts. Cheers.

Nicolas

Hi Nicolas,

With Backendless there is no peak number of requests - we will not throttle your traffic.

As for custom business logic, you can configure it to be processed either synchronously or asynchronously. Obviously the synchronous calls will add to the total processing time for a round-trip request.

I think you should be good to proceed with your app with Backendless. I will certainly be posting about features using the proposed schema, but I’m afraid I’d be moving at a slower pace than you ))

Regards,
Mark

Hi Mark,

I’ve been following your feature a day blog. The feature 13 has an empty zip and comments in the page are not available, it says the captcha is incorrect, but there is no place for it neither is it displayed in chrome or firefox.

Hi Nicolas,

I just tried opening the zip and it worked just fine on my Mac. What utility do you use to open the file?

Regards,
Mark