In a Backendless backend, you can restrict access to API operations and/or application data. A restriction may apply either to specific users or to roles. When a restriction applies to a role, it automatically applies to the users in that role.
For example, suppose you have two roles in a job-searching application – employer and job-candidate. Each role will have a certain set of permissions; for instance, an employer can see all the candidates who applied for a job.
Backendless supports two types of roles – system-defined and developer-defined roles. System roles automatically come with the backend; Backendless assigns them based on how the user logs in or accesses the app. For example, the AuthenticatedUser role is assigned to any users who successfully log in.
The greatest flexibility in tuning security for an app comes in the form of developer-defined roles. A custom role can be assigned to users based on the business rules of your app and have a completely unique set of permissions. These permissions may restrict API operations and limit access to app data – data objects, files, geopoints and media streams. To create a developer-defined role: