Hi @Alan_Tan,
Welcome to our forum. You’re asking great questions. Before I get to them, let me describe a few basic principles Backendless follows when it comes to security roles:
- There are two types of roles: system and developer-defined.
- When an API request is received by Backendless, security roles are automatically assigned by the platform to the request.
- When roles are assigned to an API request, any permissions associated with the roles apply to the execution of the request. For example, if a permission to retrieve data from a table is denied for a role assigned to a request, the data will not be retrieved.
Assignment of roles to an API request is done accordingly to the rules below:
- If the API request doesn’t have a valid
user-token header, the request is considered to arrive from a non-authenticated user. As a result, the NonAuthenticatedUser role is assigned to the API request. Otherwise, if the header is present, it means the request is coming from a logged in user, so the AuthenticatedUser role is assigned. Btw, the header is sent automatically by all our SDKs.
- Every single API Key we have has a corresponding role. Backendless automatically assigns that role to the incoming requests. For example, if the request uses the Android API Key, then the request will also have the
AndroidUser role. This becomes particularly helpful with Custom API keys.
- If the request is coming from a logged in user, then in addition to the
AuthenticatedUser role, Backendless assigns all other developer-defined roles associated with the user account.
For the item 3 above, you might ask, how do I assign a developer-defined role to a user account? There are two ways to do it: (1) using Backendless Console and (2) using the API.
Now that we got the basics out of the way, let me answer your questions:
- can those initial security role(android user) be assign or not assign to a user?
The AndroidUser role is assigned automatically by Backendless when the incoming API request uses the Android API Key.
- i tried to use security role to create grouping, mainly 2 group of users with different rights but i have no idea how to assign to user based on user type(a column i added in users table).
What we advice is to assign a role to a user account at the time when the user registers with your app. Usually there is a heuristic designating the user as a job creator, dispatcher or admin. Perhaps you have different registrations forms, or using some other type to distinguish them. When a user is being registered, you can inject Cloud Code which will use the API to assign a role to the user account. This way, when the user logs in and starts using the system, the API request sent with the identity of that user will automatically have the role assigned to the user account.
- i tried to create tables for grouping purpose(userToGroup, Group). how can i assign user directly to group upon registration? i understand that i need to create custom business rule but how do i identity using a value from a column i added in users table?
Please let me know if the information above answers this question. If not, we will revisit.
- how do i access table records and info passed in through API call in custom business rule?
You can use the same SDK we publish for the client apps in Cloud Code/business logic. If your Cloud Code is in Java, then you can use the Androud/Java SDK in there. If the Cloud Code is in JS, you can use the JS SDK.
- is there any way to setup some kind of batch job?
Yes, use Timers.
I hope this brings some clarity.
Please as any questions you might have. This is an important topic that could get quite confusing.
Regards,
Mark
