Subscribe rss
Blog categories
All | Backendless features
Feature 88: Managing object’s ACL using API
April 6, 2015 by markpiller

In my previous post I described how to adjust object’s access control list (ACL) using Backendless console. As I mentioned, in addition to console, object’s permissions can be controlled using API. In fact, for any persisted object, Backendless supports the following capabilities:

granting/rejecting permission to execute find/save/update/delete operation on an object to:

  • a user
  • a role
  • all users
  • all roles

The general API usage pattern is:

Where <OPERATION> can be FIND , UPDATE , REMOVE. There are many more methods available on the <OPERATION> class supporting all the combinations listed above.

The sample below grants a permission to a user to execute FIND operations, additionally, it denies all roles to run searches. As a result, the ability to run a search for the specific object will be exclusive for the specified user.

Asynchronous API sample (Android and Plain Java):

Synchronous API sample (Plain Java only):

Once the code runs, the ACL permission matrix for the object will look as shown below:

User permissions:

Role permissions:

Share this post
Tweet about this on TwitterShare on FacebookGoogle+