Skip to content

Permissions API

Every data object in Backendless has its own access control list (ACL) - a matrix of operations and principals (application's users or roles). An intersection of an operation and a principal contains a permission which determines whether the principal has the right to execute the operation. These permission could be either grant or deny. Backendless console provides an easy to understand way to see and manage these permissions. For example, the screenshot below demonstrates an ACL matrix for an object. Notice the intersection of a column for the Create operation and the AuthenticatedUser role. The cell contains a green checkmark icon representing that the permission is granted:

permission-matrix

In addition to managing the ACL permissions with Backendless Console there is also Permissions API:

To grant access for a user

Backendless.Data.Permissions.FIND.grantForUser(userId: string, dataItem: ExistDataItemI)
 .then( function( dataItem ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.grantForUser(userId: string, dataItem: ExistDataItemI)
 .then( function( dataItem ) {
  })
 .catch( function( error ) {
  })

Backendless.Data.Permissions.UPDATE.grantForUser(userId: string, dataItem: ExistDataItemI)
 .then( function( dataItem ) {
  })
 .catch( function( error ) {
  })

where:

Argument                Description
userid a user ID, for which you want to grant a permission.
dataObject a data object ID, for which you want to specify the permission.

To grant access for a user role

Backendless.Data.Permissions.FIND.grantForRole( rolename, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.grantForRole( rolename, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.grantForRole( rolename, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
rolename a role name, for which you want to grant a permission.
dataObject a data object ID, for which you want to grant the permission.

To grant access for all users

Backendless.Data.Permissions.FIND.grantForAllUsers( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.grantForAllUsers( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.grantForAllUsers( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
dataObject a data object ID, for which you want to grant a permission.

To grant access for all roles

Backendless.Data.Permissions.FIND.grantForAllRoles( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.grantForAllRoles( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.grantForAllRoles( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
dataObject a data object ID, for which you want to grant a permission.

To deny access for a user

Backendless.Data.Permissions.FIND.denyForUser( userid, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.denyForUser( userid, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.denyForUser( userid, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
userid a user ID for which you want to deny a permission.
dataObject a data object ID, for which you want to deny a permission.

To deny access for a user role

Backendless.Data.Permissions.FIND.denyForRole( rolename, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.denyForRole( rolename, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.denyForRole( rolename, dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
rolename a role name, for which you want to deny a permission.
dataObject a data object ID, for which you want to deny a permission.

To deny access for all users

Backendless.Data.Permissions.FIND.denyForAllUsers( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.denyForAllUsers( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.denyForAllUsers( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
dataObject a data object ID, for which you want to specify the permission.

To deny access for all roles

Backendless.Data.Permissions.FIND.denyForAllRoles( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.DELETE.denyForAllRoles( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

Backendless.Data.Permissions.UPDATE.denyForAllRoles( dataObject )
 .then( function( dataObject ) {
  })
 .catch( function( error ) {
  });

where:

Argument                Description
dataObject a data object ID, for which you want to specify the permission.