Permissions API

Every data object in Backendless has its own access control list (ACL): a matrix of operations and principals (the application's users or roles). The intersection of an operation and a principal contains a permission, which determines whether the principal has the right to execute the operation. A permission can be either grant or deny.

Backendless Console provides an easy-to-understand way to see and manage these permissions. For example, the screenshot below demonstrates an ACL matrix for an object. Notice the intersection of the column for the Create operation and the AuthenticatedUser role. The cell contains a green checkmark icon, indicating that the permission is granted:

In addition to managing the ACL permissions with Backendless Console, there is also the Permissions API:
Methods

The methods described below grant or deny access to a data object for a user, a role, all users, or all roles.

The PermissionOperation enum lists the operations whose permissions can be managed for an object stored in a data table. Each option identifies one operation for which a permission can be granted or denied:

```swift
// Permission operations
@objc public enum PermissionOperation: Int, Codable {
    case UPDATE
    case FIND
    case REMOVE
    case LOAD_RELATIONS
    case ADD_RELATION
    case DELETE_RELATION
    case UPSERT
}
```

```objc
typedef SWIFT_ENUM(NSInteger, PermissionOperation, closed) {
    PermissionOperationUPDATE = 0,
    PermissionOperationFIND = 1,
    PermissionOperationREMOVE = 2,
    PermissionOperationLOAD_RELATIONS = 3,
    PermissionOperationADD_RELATION = 4,
    PermissionOperationDELETE_RELATION = 5,
    PermissionOperationUPSERT = 6
};
```

To grant access for a user

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions grantForUserWithUserId:@"BC019481-A543-48EB-B821-47508B68B7A1" entity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.grantForUser(userId: "BC019481-A543-48EB-B821-47508B68B7A1", entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
userId | A user ID for which you want to grant a permission. |
entity | A data object for which you want to grant the permission. |
operation | Identifies a specific permission to grant to a user. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to grant to a user. |
data object | A data object for which you want to grant the permission. |
user id | A user ID for which you want to grant the permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To grant access for a user role

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions grantForRoleWithRole:@"TrialUser" entity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.grantForRole(role: "TrialUser", entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
role | A role name for which you want to grant a permission. |
entity | A data object for which you want to grant the permission. |
operation | Identifies a specific permission to grant to a role. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to grant to a role. |
data object | A data object for which you want to grant the permission. |
role name | A role name for which you want to grant a permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To grant access for all users

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions grantForAllUsersWithEntity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.grantForAllUsers(entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
entity | A data object for which you want to grant the permission. |
operation | Identifies a specific permission to grant to all users. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to grant to all users. |
data object | A data object for which you want to grant the permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To grant access for all roles

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions grantForAllRolesWithEntity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.grantForAllRoles(entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
entity | A data object for which you want to grant the permission. |
operation | Identifies a specific permission to grant to all roles. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to grant to all roles. |
data object | A data object for which you want to grant the permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To deny access for a user

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions denyForUserWithUserId:@"BC019481-A543-48EB-B821-47508B68B7A1" entity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.denyForUser(userId: "BC019481-A543-48EB-B821-47508B68B7A1", entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
userId | A user ID for which you want to revoke a permission. |
entity | A data object for which you want to revoke the permission. |
operation | Identifies a specific permission to revoke from a user. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to revoke from a user. |
data object | A data object for which you want to revoke the permission. |
user id | A user ID for which you want to revoke a permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To deny access for a user role

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions denyForRoleWithRole:@"TrialUser" entity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.denyForRole(role: "TrialUser", entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
role | A role name for which you want to revoke a permission. |
entity | A data object for which you want to revoke the permission. |
operation | Identifies a specific permission to revoke from a role. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to revoke from a role. |
data object | A data object for which you want to revoke the permission. |
role name | A role name for which you want to revoke a permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To deny access for all users

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions denyForAllUsersWithEntity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.denyForAllUsers(entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
entity | A data object for which you want to revoke the permission. |
operation | Identifies a specific permission to revoke from all users. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to revoke from all users. |
data object | A data object for which you want to revoke the permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |

To deny access for all user roles

```objc
@interface Movie: NSObject
// objectId identifies the stored object whose ACL is changed
@property (strong, nonatomic) NSString *objectId;
@end

Movie *movie = [Movie new];
movie.objectId = @"BDB25104-E4B2-4B94-8ED9-437D1F239060";
[Backendless.shared.data.permissions denyForAllRolesWithEntity:movie operation:PermissionOperationUPDATE responseHandler:^{
    // handle response
} errorHandler:^(Fault *fault) {
    // handle error
}];
```

```swift
@objcMembers class Movie: NSObject {
    // objectId identifies the stored object whose ACL is changed
    var objectId: String?
}

let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
Backendless.shared.data.permissions.denyForAllRoles(entity: movie, operation: .UPDATE, responseHandler: {
    // handle response
}, errorHandler: { fault in
    // handle error
})
```

where:

Argument | Description |
---|---|
entity | A data object for which you want to revoke the permission. |
operation | Identifies a specific permission to revoke from all roles. Refer to the PermissionOperation enum to see all options. |

Codeless Reference

where:

Argument | Description |
---|---|
GRANT/DENY | Specifies whether the permission must be granted or revoked. |
FIND/REMOVE/UPDATE | Identifies the permission type to revoke from all roles. |
data object | A data object for which you want to revoke the permission. |
return result | When this checkbox is selected, the operation returns an empty string value. |
objectId | Required property. Represents the unique identifier of the object in the data table. |
__class | Required property. Represents the name of the data table where the operation takes place. |
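
The deny and grant methods above can be combined to restrict an object to a single user. The following is an added example, not code from the Backendless documentation: `restrictToUser` is a hypothetical helper, the `SwiftSDK` module name is an assumption, and the example assumes a per-user grant is honored for that user alongside a deny for all roles, which this page does not state, so confirm the result in the console's ACL matrix.

```swift
import SwiftSDK  // assumption: module name of the Backendless Swift SDK

@objcMembers class Movie: NSObject {
    var objectId: String?
}

// Hypothetical helper (not part of the SDK). For each operation it first denies
// the operation to all roles and only then grants it to one user. The calls are
// chained through the response handlers, so the grant for an operation is issued
// only after the matching deny has succeeded, and the first fault stops the chain.
func restrictToUser(userId: String,
                    entity: Movie,
                    operations: [PermissionOperation],
                    completion: @escaping (Fault?) -> Void) {
    guard let operation = operations.first else {
        completion(nil)  // every operation was processed without a fault
        return
    }
    let remaining = Array(operations.dropFirst())
    let permissions = Backendless.shared.data.permissions

    permissions.denyForAllRoles(entity: entity, operation: operation, responseHandler: {
        permissions.grantForUser(userId: userId, entity: entity, operation: operation, responseHandler: {
            // Continue with the next operation in the list
            restrictToUser(userId: userId, entity: entity,
                           operations: remaining, completion: completion)
        }, errorHandler: { fault in
            completion(fault)  // deny applied, grant failed: object stays locked down
        })
    }, errorHandler: { fault in
        completion(fault)      // deny failed: no grant is attempted
    })
}

// Sample identifiers reused from the snippets on this page
let movie = Movie()
movie.objectId = "BDB25104-E4B2-4B94-8ED9-437D1F239060"
restrictToUser(userId: "BC019481-A543-48EB-B821-47508B68B7A1",
               entity: movie,
               operations: [.UPDATE, .REMOVE]) { fault in
    if let fault = fault {
        print("ACL change incomplete: \(String(describing: fault))")
    } else {
        print("UPDATE and REMOVE are now limited to the selected user")
    }
}
```

If the completion handler receives a fault, review the object's ACL in Backendless Console before retrying, because earlier operations in the list may already have been changed.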