Skip to content

Permissions API

Every data object in Backendless has its own access control list (ACL) - a matrix of operations and principals (application's users or roles). An intersection of an operation and a principal contains a permission which determines whether the principal has the right to execute the operation. These permission could be either grant or deny.

Backendless console provides an easy to understand way to see and manage these permissions. For example, the screenshot below demonstrates an ACL matrix for an object. Notice the intersection of a column for the Create operation and the AuthenticatedUser role. The cell contains a green checkmark icon representing that the permission is granted:

permission-matrix

In addition to managing the ACL permissions with Backendless Console there is also Permissions API:

Methods

Methods described further are used for granting or denying access to a data object for a user, a role, all users, or all roles.

To grant access for a user

where:

Argument                Description
userId A user ID, for which you want to grant a permission.
dataObject A data object for which you want to grant the permission.

Codeless Reference

data_permissions_api_1

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to grant to a user.
data object A data object for which you want to grant the permission.
user id A user ID, for which you want to grant the permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To grant access for a user role

where:

Argument                Description
rolename A role name, for which you want to grant a permission.
dataObject A data object for which you want to grant the permission.

Codeless Reference

data_permissions_api_2

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to grant to a role.
data object A data object for which you want to grant the permission.
role name A role name, for which you want to grant a permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To grant access for all users

where:

Argument                Description
dataObject A data object for which you want to grant the permission.

Codeless Reference

data_permissions_api_3

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to grant to all users.
data object A data object for which you want to grant the permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To grant access for all roles

where:

Argument                Description
dataObject A data object for which you want to grant the permission.

Codeless Reference

data_permissions_api_4

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to grant to all roles.
data object A data object for which you want to grant the permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To deny access for a user

where:

Argument                Description
userId A user ID, for which you want to revoke a permission.
dataObject A data object for which you want to revoke the permission.

Codeless Reference

data_permissions_api_5

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to revoke from a user.
data object A data object for which you want to revoke the permission.
user id A user ID, for which you want to revoke a permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To deny access for a user role

where:

Argument                Description
roleName A role name, for which you want to revoke a permission.
dataObject A data object for which you want to revoke the permission.

Codeless Reference

data_permissions_api_6

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to revoke from a role.
data object A data object for which you want to revoke the permission.
role name A role name, for which you want to revoke a permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To deny access for all users

where:

Argument                Description
dataObject A data object for which you want to revoke the permission.

Codeless Reference

data_permissions_api_7

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to revoke from all users.
data object A data object for which you want to revoke the permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.

To deny access for all user roles

where:

Argument                Description
dataObject A data object for which you want to revoke the permission.

Codeless Reference

data_permissions_api_8

where:

Argument                Description
GRANT/DENY Specifies whether the permission must be granted or revoked.
FIND/REMOVE/UPDATE Identifies the permission type to revoke from all roles.
data object A data object for which you want to revoke the permission.
return result When this checkbox is selected, the operation returns an empty string value.
objectId Required property. Represents the unique identifier of the object in the data table.
__class Required property. Represents the name of the data table where the operation takes place.