Hello,
Could you help me to understand how to ensure that objects belonging to one user are not retrieved by other users?
Because the current owner policy does not seem to handle that case. Or am I missing something ?
Thank you
1 Like
Hello @Seb777,
if you deny retrieving for Role permissions but set Grant for retrieving by Owner (in Owner Policy permission), then this case will be handled - only the owner will be able to retrieve his objects.
https://backendless.com/docs/rest/data_security.html
Hope that helps.
Regards,
Stanislaw
I agree with @Seb777 : as also stated here Permissions issue while loading relations - #8 by Nicolas_REMY, I seem to also encounter cases where :
- object policy (at the table level) is deny for users
- owner policy (at the table level) is allow for owners
And while owners can retrieve their data, they can’t retrieve relations.