
Permissions API

The Backendless security mechanism assigns an Access Control List (ACL) to every file in the file storage. An ACL defines the users and user roles that have permission to read, write, or delete a file. The Permissions API allows programmatic control over a file's ACL by granting or denying permissions to a file for a user or a user role. Using the API, permissions can be applied for a user or user role individually, or in "bulk" for all users or user roles in a single call.

The path or the url argument in the APIs below must identify a file or directory for which the permission is modified. The value must be the short version of the path. For example, suppose the full URL of a file in the file storage system is:

https://api.backendless.com/31CB9FED-F34C-5541-FF26-6C2B6719F200/23432-A6B2-FF6B-31CB9FED/files/movies/vacation.mp4

The path to the file in the API call must contain only the directory and the file name (without the leading slash):

movies/vacation.mp4
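
The conversion described above can be checked in code before a permission call is made, so that an ACL change is never requested for a malformed or unintended path. The following is an added example, not part of the Backendless SDK; the function names toShortPath and isShortPath are hypothetical, and the URL layout (two identifier segments followed by "files") is assumed from the sample URL above.

```javascript
// Added example (not Backendless code). Derives the short path expected by the
// Permissions API from a full file URL.
// Assumption: layout is https://<host>/<id>/<id>/files/<directory>/<file>.
function toShortPath(fileUrl) {
  const url = new URL(fileUrl); // throws on malformed input, resolves dot segments
  if (url.protocol !== "https:") {
    throw new Error("expected an https file URL");
  }
  const segments = url.pathname.split("/").filter((s) => s.length > 0);
  // After dot-segment resolution the third segment must still be "files";
  // a traversal such as files/../x fails this check.
  if (segments.length < 4 || segments[2] !== "files") {
    throw new Error("URL does not match /<id>/<id>/files/<path>");
  }
  // Assumption: the API takes decoded names; decoding also exposes encoded separators.
  const parts = segments.slice(3).map((s) => decodeURIComponent(s));
  for (const part of parts) {
    if (part === "." || part === ".." || part.includes("/") || part.includes("\\")) {
      throw new Error("unsafe path segment: " + part);
    }
  }
  return parts.join("/"); // directory and file name, no leading slash
}

// Guard for values that are supposed to be short paths already.
function isShortPath(value) {
  if (typeof value !== "string" || value.length === 0) return false;
  if (value.startsWith("/") || value.includes("\\")) return false;
  if (/^[a-z][a-z0-9+.-]*:/i.test(value)) return false; // full URL, not a short path
  return value.split("/").every((p) => p !== "." && p !== "..");
}

// Sample URL taken from the text above.
const SAMPLE_URL =
  "https://api.backendless.com/31CB9FED-F34C-5541-FF26-6C2B6719F200/" +
  "23432-A6B2-FF6B-31CB9FED/files/movies/vacation.mp4";
console.log(toShortPath(SAMPLE_URL));
```
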

The user account (or the role) on whose behalf the API is executed must have the Permission permission. For example, if the call is made by an authenticated user, the role for the user account would be AuthenticatedUser. That role must have the Permission permission in order for the API call to go through.

To grant access for a user

FilePermission.READ.grantForUser( userid, url, responder );
FilePermission.DELETE.grantForUser( userid, url, responder );
FilePermission.WRITE.grantForUser( userid, url, responder );

where:

Argument     Description
userid       ID of the user to whom you want to grant the read, delete, or write permission.
url          path to the file for which you want to specify the permission.
responder    a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies to the asynchronous method only.

To grant access for a user role

FilePermission.READ.grantForRole( rolename, url, responder );
FilePermission.DELETE.grantForRole( rolename, url, responder );
FilePermission.WRITE.grantForRole( rolename, url, responder );

where:

Argument     Description
rolename     name of the user role to which you want to grant the read, delete, or write permission.
url          path to the file for which you want to specify the permission.
responder    a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies to the asynchronous method only.

To grant access for all users

FilePermission.READ.grantForAllUsers( url, responder );
FilePermission.DELETE.grantForAllUsers( url, responder );
FilePermission.WRITE.grantForAllUsers( url, responder );

where:

Argument     Description
url          path to the file for which you want to specify the permission.
responder    a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies to the asynchronous method only.

To deny access for a user

FilePermission.READ.denyForUser( userid, url, responder );
FilePermission.DELETE.denyForUser( userid, url, responder );
FilePermission.WRITE.denyForUser( userid, url, responder );

where:

Argument     Description
userid       ID of the user to whom you want to deny the read, delete, or write permission.
url          path to the file for which you want to specify the permission.
responder    a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies to the asynchronous method only.

To deny access for a user role

FilePermission.READ.denyForRole( rolename, url, responder );
FilePermission.DELETE.denyForRole( rolename, url, responder );
FilePermission.WRITE.denyForRole( rolename, url, responder );

where:

Argument     Description
rolename     name of the user role to which you want to deny the read, delete, or write permission.
url          path to the file for which you want to specify the permission.
responder    a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies to the asynchronous method only.

To deny access for all users

FilePermission.READ.denyForAllUsers( url, responder );
FilePermission.DELETE.denyForAllUsers( url, responder );
FilePermission.WRITE.denyForAllUsers( url, responder );

where:

Argument     Description
url          path to the file for which you want to specify the permission.
responder    a responder object which will receive a callback when the method successfully saves the object or if an error occurs. Applies to the asynchronous method only.