Blog

How to restrict access to files using Backendless Console

by on March 25, 2015

In another post, we described how to obtain a file’s public URL using Backendless Console. Even though anyone can obtain a public URL for a file or directory, it is very easy to change the permissions to restrict file download for anonymous (not authenticated) users. To restrict access:

  1. Login to Backendless Console, select an app and click the Files icon.
  2. Navigate to the file or directory for which public access should be denied.
  3. Click the lock icon to switch to the Security screen.
  4. Click the Roles Permissions menu.
  5. Click the checkmark icon in the cell at the intersection of the row for NotAuthenticatedUser and the Read column until you get a red X icon as shown in the screenshot below:

Security permission changes have an immediate effect. As soon as the permission is denied, loading the file with its public URL will result in the following JSON message sent back to the browser (or the calling client):

{
  message: "User has no permissions to specified resource",
  code: 4000
}