Every data object saved in Backendless has its own access control list (ACL). An object’s ACL includes permissions for users and roles for all data service operations. Using ACL, an application may be configured to allow users (and/or roles they belong to) to execute Data Service API calls.
For example, in a shopping app, you may have the Customer and SupportRep roles. Users in the Customer role may have the permission to create and update objects in the Incident table, but may not delete them. A user in the SupportRep role may have the permission to delete those objects.
Object ACL configuration can be done via API or Backendless Console. This post is going to review the latter. To get to the ACL screen for a specific object: