Hi,
I grant access to our data mainly using owner policies, but I want to create a ReadAll role for certain members to get read-only access to all data.
In the global permissions matrix, all roles have deny for all actions, except for the ReadOnly role which has some read permissions set to granted. When I look at the Roles Permissions table for my data tables, the Find and Describe actions are inherited as granted for the ReadAll role.
When I assign the ReadAll role to a user though, along with some other user-defined roles, it does not inherit the grant permissions from the ReadAll role.
Looking at this article: http://support.backendless.com/knowledge-base/article/if-permissions-conflict-with-each-other-will-grant-or-deny-have-higher-priority the grant permission should be assigned because it states that it goes down in the permissions hierarchy until it finds a grant, and only denies when no rule grants it permission.
Looking at this part of the documentation though: https://backendless.com/documentation/data/ios/data_security.htm it seems to suggest that the logic stops when a role denies permission instead going down in the hierarchy.
I am a bit puzzled by this. If the role has read permissions for the data table, why does a user with that role assigned have not?
Kind regards,
Jeroen
P.S. My application ID is C6730F91-F429-E4C9-FF61-ED62B2B2E100