What should we set in this case:
We have a unity client and web php which both access database via rest/http post calls, which are the hosted java business logic functions.
The hosted logic function do all queries, adding, updating and removing to the tables, nothing is direct from unity, but from php there is adding to tables, updating.
What is the minimum permissions to tables and to roles we should allow when there are permissions/roles like ServerCodeUser, ClientUser, AuthenticatedUser,RestUser,iosUser,FacebookUser?
What is required for Unity client and what for php website?
Helping you design your application is not a free option, according to our Support Policy.
I can only give you an advice to determine the sets of operations your clients execute, map these operations to the roles somehow and then set the permissions accordingly.
We have figured out how we should build the application, so we just need to know what roles we need.
So in other words, what is the minimum rights we need to give to which roles when we use rest calls to access hosted functions and to block everything else? The hosted functions do the insert, read, update things. These functions are called from php and unity.
Will these be run as NotAuthenticatedUser? Do we need any other role (so do the hosted functions need a role with access rights)?
Here is the description of what each role means: https://backendless.com/documentation/users/android/users_user_roles.htm
If none of them fits your needs, you may create your own with a custom set of permissions and set it to the appropriate users.