Every data objects saved in Backendless has its own access control list (ACL). Object’s ACL includes permissions for users and roles for all Data service operations. Using ACL an application may be configured to allow users (and/or roles they belong to) to be able to execute Data Service API calls. For example, in a shopping app you may have the Customer and SupportRep roles. Users in the Customer role may have the permission to create and update objects in the Incident table, but may not delete them. A user in the SupportRep role may have the permission to delete those objects.
Object ACL configuration can be done via API or Backendless console. This post review the latter. To get to the ACL screen for a specific object:
- Login to Backendless console, select your app and click the Data icon.
- Select the table to get to the data object you need to modify the ACL of.
- Click the “key” icon in the ACL column:
- Select Users Permissions or Roles Permissions In the ACL screen.
- Adjust the permissions for the roles and/or users as you see fit. A permission can be adjusted by clicking an icon at the intersection of a row representing user or role and a column which represents an operation. For example the following screenshot restricts access to an object for any not-authenticated user and does not allow users in the Customer role to delete the object: