Skip to content

Security and Permissions

Real-Time Database events account for permissions assigned to users and roles. For instance, if a user/role does not have the Find permission for a data table and the app with the logged in user registers the Object Created event listener, the app will not receive any of the created objects due to the security restriction.


Security enforcement for the Real-Time Database is available only in the Cloud9, Cloud99 plans in Backendless Cloud and in Managed Backedless and Backendless Pro versions of the product.

The security model (set of roles and permissions) for the Real-Time Database is the same as for the rest of the application. In other words, security configuration is done once and applies to both traditional APIs as well as the Real-Time Database. For more information on Backendless Security see the following sections:

User Roles

Global Permissions

Data Table Permissions

Individual Object Permissions

The most important topic of all is: Data Security