Permissions API¶
Every data object in Backendless has its own access control list (ACL) - a matrix of operations and principals (application's users or roles). An intersection of an operation and a principal contains a permission which determines whether the principal has the right to execute the operation. These permission could be either grant or deny.
Backendless console provides an easy to understand way to see and manage these permissions. For example, the screenshot below demonstrates an ACL matrix for an object. Notice the intersection of a column for the Create operation and the AuthenticatedUser role. The cell contains a green checkmark icon representing that the permission is granted:
In addition to managing the ACL permissions with Backendless Console there is also Permissions API:
Methods¶
Methods described further are used for granting or denying access to a data object for a user, a role, all users, or all roles.
To grant access for a user¶
where:
| Argument | Description |
|---|---|
userId |
A user ID, for which you want to grant a permission. |
dataObject |
A data object for which you want to grant the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to grant to a user. |
data object |
A data object for which you want to grant the permission. |
user id |
A user ID, for which you want to grant the permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To grant access for a user role¶
where:
| Argument | Description |
|---|---|
rolename |
A role name, for which you want to grant a permission. |
dataObject |
A data object for which you want to grant the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to grant to a role. |
data object |
A data object for which you want to grant the permission. |
role name |
A role name, for which you want to grant a permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To grant access for all users¶
where:
| Argument | Description |
|---|---|
dataObject |
A data object for which you want to grant the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to grant to all users. |
data object |
A data object for which you want to grant the permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To grant access for all roles¶
where:
| Argument | Description |
|---|---|
dataObject |
A data object for which you want to grant the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to grant to all roles. |
data object |
A data object for which you want to grant the permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To deny access for a user¶
where:
| Argument | Description |
|---|---|
userId |
A user ID, for which you want to revoke a permission. |
dataObject |
A data object for which you want to revoke the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to revoke from a user. |
data object |
A data object for which you want to revoke the permission. |
user id |
A user ID, for which you want to revoke a permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To deny access for a user role¶
where:
| Argument | Description |
|---|---|
roleName |
A role name, for which you want to revoke a permission. |
dataObject |
A data object for which you want to revoke the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to revoke from a role. |
data object |
A data object for which you want to revoke the permission. |
role name |
A role name, for which you want to revoke a permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To deny access for all users¶
where:
| Argument | Description |
|---|---|
dataObject |
A data object for which you want to revoke the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to revoke from all users. |
data object |
A data object for which you want to revoke the permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |
To deny access for all user roles¶
where:
| Argument | Description |
|---|---|
dataObject |
A data object for which you want to revoke the permission. |
Codeless Reference¶
where:
| Argument | Description |
|---|---|
GRANT/DENY |
Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE |
Identifies the permission type to revoke from all roles. |
data object |
A data object for which you want to revoke the permission. |
return result |
When this checkbox is selected, the operation returns an empty string value. |
objectId |
Required property. Represents the unique identifier of the object in the data table. |
__class |
Required property. Represents the name of the data table where the operation takes place. |