How to Manage a Data Object’s Access Control List (ACL) in Backendless Console

Every data object saved in Backendless has its own access control list (ACL). An object’s ACL includes permissions for users and roles for all data service operations. Using ACL, an application may be configured to allow users (and/or roles they belong to) to execute Data Service API calls.

For example, in a shopping app, you may have the Customer and SupportRep roles. Users in the Customer role may have the permission to create and update objects in the Incident table, but may not delete them. A user in the SupportRep role may have the permission to delete those objects.

Object ACL configuration can be done via API or Backendless Console. This post is going to review the latter. To get to the ACL screen for a specific object:

1. Login to Backendless Console, select your app and click the Data icon.
2. Select the table to get to the data object whose ACL you need to modify.
3. Click the “key” icon in the ACL column:
   
4. Select Users Permissions or Roles Permissions on the ACL screen.
5. Adjust the permissions for the roles and/or users as you see fit. A permission can be adjusted by clicking an icon at the intersection of a row representing a user or role and a column that represents an operation. For example, the following screenshot restricts access to an object for any not-authenticated user and does not allow users in the Customer role to delete the object: