Skip to content

Permissions API

Every data object in Backendless has its own access control list (ACL) - a matrix of operations and principals (application's users or roles). An intersection of an operation and a principal contains a permission which determines whether the principal has the right to execute the operation. These permission could be either grant or deny. Backendless console provides an easy to understand way to see and manage these permissions. For example, the screenshot below demonstrates an ACL matrix for an object. Notice the intersection of a column for the Create operation and the AuthenticatedUser role. The cell contains a green checkmark icon representing that the permission is granted:

permission-matrix

In addition to managing the ACL permissions with Backendless Console there is also Permissions API:

To grant access for a user

Backendless.Data.Permissions.FIND.grantForUser( userid, dataObject, responder );
Backendless.Data.Permissions.REMOVE.grantForUser( userid, dataObject, responder );
Backendless.Data.Permissions.UPDATE.grantForUser( userid, dataObject, responder );

where:

Argument                Description
userid a user ID, for which you want to grant a permission.
dataObject a data object for which you want to grant the permission.
responder a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies  to the asynchronous method only.

To grant access for a user role

Backendless.Data.Permissions.FIND.grantForRole( rolename, dataObject, responder );
Backendless.Data.Permissions.REMOVE.grantForRole( rolename, dataObject, responder );
Backendless.Data.Permissions.UPDATE.grantForRole( rolename, dataObject, responder );

where:

Argument                Description
rolename  a role name, for which you want to grant a permission.
dataObject a data object for which you want to grant the permission.
responder a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies  to the asynchronous method only.

To grant access for all users

Backendless.Data.Permissions.FIND.grantForAllUsers( dataObject, responder );
Backendless.Data.Permissions.REMOVE.grantForAllUsers( dataObject, responder );
Backendless.Data.Permissions.UPDATE.grantForAllUsers( dataObject, responder );

where:

Argument                Description
dataObject a data object for which you want to grant the permission.
responder a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies  to the asynchronous method only.

To deny access for a user

Backendless.Data.Permissions.FIND.denyForUser( userid, dataObject, responder );
Backendless.Data.Permissions.REMOVE.denyForUser( userid, dataObject, responder );
Backendless.Data.Permissions.UPDATE.denyForUser( userid, dataObject, responder );

where:

Argument                Description
userid a user ID, for which you want to deny a permission.
dataObject a data object for which you want to deny a permission.
responder a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies  to the asynchronous method only.

To deny access for a user role

Backendless.Data.Permissions.FIND.denyForRole( rolename, dataObject, responder );
Backendless.Data.Permissions.REMOVE.denyForRole( rolename, dataObject, responder );
Backendless.Data.Permissions.UPDATE.denyForRole( rolename, dataObject, responder );

where:

Argument                Description
rolename a role name, for which you want to deny a permission.
dataObject a data object for which you want to grant the permission.
responder a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies  to the asynchronous method only.

To deny access for all users

Backendless.Data.Permissions.FIND.denyForAllUsers( dataObject, responder );
Backendless.Data.Permissions.REMOVE.denyForAllUsers( dataObject, responder );
Backendless.Data.Permissions.UPDATE.denyForAllUsers( dataObject, responder );

where:

Argument                Description
dataObject a data object for which you want to deny the permission.
responder a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies  to the asynchronous method only.