In the previous post I described how to obtain file’s public URL using the Backendless developer console. Even though one may obtain a public URL for a file or directory, it is very easy to change the permissions to restrict file download for anonymous (not authenticated) users. To restrict access:
- Login to the Backendless developer console, select an app and click the Files icon.
- Navigate to the file or directory for which public access should be denied.
- Click the lock icon to switch to the Security screen.
- Click the Roles Permissions menu.
- Click the checkmark icon in the cell at the intersection of the row for NotAuthenticatedUser and the Read column until you get a red X icon as shown in the screenshot below:
Security permission changes have immediate effect. As soon as the permission is denied, loading the file with its public URL will result in the following JSON message sent back to the browser (or the calling client):
message: "User has no permissions to specified resource",