List of tables by user

LetMeTest · May 23, 2023, 7:43pm

Hi - is there a way to get a list of all tables that is created by a user? I have an app which lets user create tables (dynamic schema). I need to have users see all the tables that they have created (and also restrict them to their tables only). What’s the best way to achieve this?

mark-piller · May 23, 2023, 7:49pm

There is no built-in API that would return a list of tables. However, a solution I’d use would be having a separate table where you store a list of tables created by a user (say in a JSON column) and a related column to the Users table. This way you will have a mapping between a user and the tables they created. Any time when they create/rename/delete a table, you’d need to update the JSON value.

LetMeTest · May 23, 2023, 7:53pm

Thanks for quick reply. Interesting idea. I will try to implement it right now and let you know how it goes.

LetMeTest · May 24, 2023, 4:40am

Hi Mike - how do you make sure a user can only access their own tables? I have multiple users who sign up and create tables dynamically and I want to make sure they can only access their tables. Thanks.

Volodymyr_Zamoroka · May 24, 2023, 8:32am

Hi. You can set up users’ permission for the tables.

LetMeTest · May 24, 2023, 3:31pm

This is not what I am looking for. As mentioned, users sign up and then create tables (dynamically). The entire process is automatic. I cannot manually change any permissions. I only want users to be able to access their own tables that they created.

Nazar_Dmytryshyn · May 25, 2023, 11:56am

Hi @LetMeTest,

To do this, you can use the following API to give the user access to a specific table:

Method: PUT
Request URL: https://xxxx.backendless.app/api/data/<tableName>/permissions/<permissionType>
Request body:
{ 
   "permission": <permission>,
   "user":<objectId>
         or
   "role":<role-name>
}

In the request URL, you must specify the table name in <tableName> and GRANT or DENY in <permissionType>.
In the body of the request:

For the permission parameter, specify one of the following operations:

  ADD,
  UPDATE,
  FIND,
  REMOVE,
  DESCRIBE,
  PERMISSION,
  LOAD_RELATIONS,
  ADD_RELATION,
  DELETE_RELATION,
  UPSERT

Or instead of a specific operation, you can use * to change permissions for all operations.

The body should contain user (object id) or role (role name) property. If both present role will be ignored.

Regards
Nazar

LetMeTest · May 25, 2023, 4:34pm

Hi Nazar - when user creates the table (I am using dynamic schema), the automatically have access to that table. So it’s not about giving access. I need to know how to restrict access to only the tables they have created.

mark-piller · May 25, 2023, 4:40pm

Do you need to do it programmatically or manually in Backendless Console?

LetMeTest · May 25, 2023, 4:43pm

Programtically. I am using rest API to connect another front end to BE.

mark-piller · May 25, 2023, 4:52pm

Here’s how I would structure it:

Create a custom security role in Backendless.
Configure that custom security role to deny access to ALL tables (this would be a global permission denial done on the following screen):

Security Roles Settings - Royal_APP - Backendless 2023-05-25 11-49-451373×798 89.4 KB
When a new user is created, assign that security role (there is an API for that)
When a user creates a table, use the API described by Nazar here. This will grant access to that specific user to access that specific table.

Mark

LetMeTest · May 25, 2023, 6:20pm

Interesting idea. I will test it out and let you know. Thank you!