User role setup

Hi, i was trying to find info on setting up user role upon register new user.
i tried searching the forum and went through a few tutorial on youtube but either hit a dead end or hit a 404 page.
these are a few question i have in mind:

  1. can those initial security role(android user) be assign or not assign to a user?
  2. i tried to use security role to create grouping, mainly 2 group of users with different rights but i have no idea how to assign to user based on user type(a column i added in users table).
  3. i tried to create tables for grouping purpose(userToGroup, Group). how can i assign user directly to group upon registration? i understand that i need to create custom business rule but how do i identity using a value from a column i added in users table?
  4. how do i access table records and info passed in through API call in custom business rule?
  5. is there any way to setup some kind of batch job?

below are the details of my setup:
Background

  1. i’m trying to setup for a dispatcher app with the following roles - job creator, dispatcher, admin.
  2. job creator is basically users that will post job. dispatcher will perform the job. admin is for modification of job when needed and registration of new users.
  3. all registration will go through admin.

current setup in backendless

  1. i created userToGroup, Job, Group, GroupToGroup(not in use yet)
  2. modified user table to include 1 more column for user type with value as Creator,Dispatcher,Admin
  3. i’m using objectID as soft link between user to any records in userToGroup and Job.

I’m a programmer for my day job so i’m quite familiar with API, java, spring, typescript, angular, struts and basic with JS.

Please kindly let me know if i missed out any info as i’m new to backendless.

Hi @Alan_Tan,

Welcome to our forum. You’re asking great questions. Before I get to them, let me describe a few basic principles Backendless follows when it comes to security roles:

  1. There are two types of roles: system and developer-defined.
  2. When an API request is received by Backendless, security roles are automatically assigned by the platform to the request.
  3. When roles are assigned to an API request, any permissions associated with the roles apply to the execution of the request. For example, if a permission to retrieve data from a table is denied for a role assigned to a request, the data will not be retrieved.

Assignment of roles to an API request is done accordingly to the rules below:

  1. If the API request doesn’t have a valid user-token header, the request is considered to arrive from a non-authenticated user. As a result, the NonAuthenticatedUser role is assigned to the API request. Otherwise, if the header is present, it means the request is coming from a logged in user, so the AuthenticatedUser role is assigned. Btw, the header is sent automatically by all our SDKs.
  2. Every single API Key we have has a corresponding role. Backendless automatically assigns that role to the incoming requests. For example, if the request uses the Android API Key, then the request will also have the AndroidUser role. This becomes particularly helpful with Custom API keys.
  3. If the request is coming from a logged in user, then in addition to the AuthenticatedUser role, Backendless assigns all other developer-defined roles associated with the user account.

For the item 3 above, you might ask, how do I assign a developer-defined role to a user account? There are two ways to do it: (1) using Backendless Console and (2) using the API.

Now that we got the basics out of the way, let me answer your questions:

  1. can those initial security role(android user) be assign or not assign to a user?

The AndroidUser role is assigned automatically by Backendless when the incoming API request uses the Android API Key.

  1. i tried to use security role to create grouping, mainly 2 group of users with different rights but i have no idea how to assign to user based on user type(a column i added in users table).

What we advice is to assign a role to a user account at the time when the user registers with your app. Usually there is a heuristic designating the user as a job creator, dispatcher or admin. Perhaps you have different registrations forms, or using some other type to distinguish them. When a user is being registered, you can inject Cloud Code which will use the API to assign a role to the user account. This way, when the user logs in and starts using the system, the API request sent with the identity of that user will automatically have the role assigned to the user account.

  1. i tried to create tables for grouping purpose(userToGroup, Group). how can i assign user directly to group upon registration? i understand that i need to create custom business rule but how do i identity using a value from a column i added in users table?

Please let me know if the information above answers this question. If not, we will revisit.

  1. how do i access table records and info passed in through API call in custom business rule?

You can use the same SDK we publish for the client apps in Cloud Code/business logic. If your Cloud Code is in Java, then you can use the Androud/Java SDK in there. If the Cloud Code is in JS, you can use the JS SDK.

  1. is there any way to setup some kind of batch job?

Yes, use Timers.

I hope this brings some clarity.

Please as any questions you might have. This is an important topic that could get quite confusing.

Regards,
Mark

1 Like

Hi Mark,

Thanks for your reply and your detailed explanation.
i will read up on that.
is there any example/sample project/video/tutorial on the topic of assigning and unassigning role that i can go through?
Also, i’m still a bit confused on where to go to actually key the code? business logic > event handler?
Thanks again for listening to a newbie.

Regards,
Alan

Hi @Alan_Tan

You can see the articles on our blog: https://backendless.com/blog/?category_name=&cn=all&s=User+role
Also, we have video tutorials: https://www.youtube.com/user/Backendless/search?query=user+role
You can find the documentation here: https://backendless.com/docs/rest/users_user_roles.html

Regards,
Inna

1 Like

Hi Alan,

A video showing how to assign roles to users in Backendless console is here:

Assigning roles to users using code must be done in Cloud Code (in an API service or an event handler).

Regards,
Mark

Hi All,
Thanks for all the help!!
I managed to more or less figure out how to go about doing this through a few backendless videos.
Will be posting again once i’m able to assign user role upon registration.