Security Model Question - Team / Organisation Based Security

Hi There,

I have a situation where I want to build a multi-tenanted app where a user belongs to an organisation and a team within the organisation. I need to restrict access to information based upon the current user's organisation and/or team. I'm just trying to work out if this is possible.

I believe I can probably do this on the client side but this is obviously not the most secure solution and the query should be run server side.

P.S. The product looks awesome so far.

Cheers,

Tim

Hi Tim,

I'd love to help out and create an example to demonstrate how to restrict access. One way to do this is by using custom roles. Anyone in an organization can have the same role, for instance "abcOrg". You can restrict access on a per-operation basis to individual objects or tables for that role. For example, you may grant the Find operation on tableA to anyone who belongs to "abcOrg", or you could restrict access to only specific objects in tableA for anyone in that role. Very similarly, access can be granted (or rejected) on a per-user basis. If you could share more details about your use case, I'll put together a set of instructions for tweaking the security policy.

Regards,
Mark
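To make the layering Mark describes concrete, here is an added example (not Backendless's own API or code; the user, role and table names are constructed) that models the three checks in plain JavaScript: a role-level grant per table and operation, an optional object-level ACL that narrows it to specific roles, and per-user grants. Tenant membership is read from the server-side user record, never from the request.

```javascript
// Constructed data: server-side user records carry the org and team roles.
const users = {
  tim: { roles: ['abcOrg', 'abcOrg:teamBlue'] },
  eve: { roles: ['xyzOrg'] },
};

// Table-level grants: role -> table -> operations that role may perform.
const tableGrants = {
  abcOrg: { tableA: ['find'] },
  xyzOrg: { tableA: ['find'] },
};

// Object-level ACLs: table -> objectId -> roles/users allowed to touch it.
// Present only where an object is restricted more narrowly than its table.
const objectAcl = {
  tableA: {
    obj1: { roles: ['abcOrg:teamBlue'] }, // team-scoped object
    obj2: { users: ['eve'] },             // per-user grant
  },
};

// Deny by default; both the table grant and (if present) the object ACL must pass.
function isAllowed(userId, op, table, objectId) {
  const user = users[userId];
  if (!user) return false; // unknown or unauthenticated caller
  // 1. Table level: at least one of the user's roles must grant `op` on `table`.
  const tableOk = user.roles.some(r => (tableGrants[r]?.[table] || []).includes(op));
  if (!tableOk) return false;
  // 2. Object level: if an ACL exists it must name the user or one of their roles.
  const acl = objectAcl[table]?.[objectId];
  if (!acl) return true;
  if ((acl.users || []).includes(userId)) return true;
  return user.roles.some(r => (acl.roles || []).includes(r));
}

// Server-side post-filter for a Find so a tenant only ever receives its own rows.
function filterFind(userId, table, rows) {
  return rows.filter(row => isAllowed(userId, 'find', table, row.objectId));
}
```

The filter runs on the server after the query, so a client that tampers with its own request still cannot widen what it receives.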

Thanks for the reply Mark. That will give me a good place to start researching.

In terms of automating the procedure of creating a new organisation in this instance, is it possible to use code to create roles rather than the administration backend? What I’m thinking of doing is creating a web front end where an organisation admin would create a new account and then add authorised users.

Basically I just want to restrict access to data based upon a user's organisation and current team. If I understand correctly, I can assign additional properties to the user object and use these properties when creating new objects or querying existing ones.

On a side note as well, is it possible to get an idea of how much a standalone instance would cost? E.g. if I have a client that needs to host the data in their own data centre or needs additional security, this would be a requirement.

Thanks again,

Tim

Hi Tim,

Yes, it is possible to automate role creation. This would require turning on Backendless Plus. With Backendless Plus any function available in console becomes available via API as well (plus you get a ton of other features). Backendless Plus costs $99/month.

You are correct - you can assign additional properties to users and then run searches based on the values in those properties.

As for the standalone pricing, please contact sales@backendless.com to get a quote.

Regards,
Mark