Differentiating user behavior in an application by roles is a very common practice. Indeed, as long as you have different workflows in the application, it is likely each workflow would be associated with a specific user role. Take for instance a mobile application to reserve a taxi.
One of the user types (roles) is a client making a reservation; another is a taxi driver to whom the reservation is dispatched. Users in either role will have a separate login form; they will access the same data (the reservation) but will see different aspects of it. Another example may be an application coordinating appointments with a gym's private trainer. One user role in such an app is the trainees coming to the gym for workouts, and another is the trainers with whom people make appointments. In these apps, users in different roles are likely to have different entry points into the application (different login forms) as well as different levels of access to the application's data.
Backendless simplifies role-based access to data through a flexible permission system. Each role may have its own set of permissions, either granting or denying access to various Backendless resources such as data tables, messaging channels or media streams. The API provides a way to associate a user with a particular role. Once a user is linked to a role, any restrictions that the role has will automatically apply to the API operations made in the user's session.
The example reviewed in this post demonstrates the role-based data access concept. The example is an Android application. It defines two Backendless roles: ReadOnlyRole and ReadWriteRole. The first role has read-only access to data; the second has unlimited permissions. There are also two login forms: when a user logs in using the first form, their account is associated with ReadOnlyRole. When the user logs in using the second form, the account is associated with ReadWriteRole. Once logged in, users see a screen where they can view and enter to-do tasks. Users who log in with ReadOnlyRole will not be able to enter new tasks, while users with ReadWriteRole can create new to-do items. Please follow the instructions below to configure and run the example. The complete source code of the example is available in the Backendless GitHub account.
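
The enforcement model described above, as an added example (a plain-Java model, not Backendless code and not part of the example app): the server looks up the roles stored for the session's user and evaluates each operation against them, so hiding the "new task" field in the client is never the control. The `Task` table name, the user names, and the rules that an explicit deny wins and that no rule means no access are assumptions of this model; check how your backend resolves a user who holds both roles.

```java
import java.util.*;

// Added model, not Backendless code: server-side evaluation of role permissions.
public class RolePermissionModel {
    enum Op { FIND, CREATE, UPDATE, REMOVE }
    enum Rule { GRANT, DENY }

    // role -> table -> operation -> rule (all entries are constructed sample data)
    static final Map<String, Map<String, Map<Op, Rule>>> ACL = new HashMap<>();
    // user -> roles, stored on the server and never taken from the request
    static final Map<String, Set<String>> USER_ROLES = new HashMap<>();

    static void rule(String role, String table, Op op, Rule r) {
        ACL.computeIfAbsent(role, k -> new HashMap<>())
           .computeIfAbsent(table, k -> new EnumMap<>(Op.class))
           .put(op, r);
    }

    // Assumption: a DENY from any of the user's roles wins; no rule means no access.
    static boolean allowed(String user, String table, Op op) {
        boolean granted = false;
        for (String role : USER_ROLES.getOrDefault(user, Set.of())) {
            Rule r = ACL.getOrDefault(role, Map.of())
                        .getOrDefault(table, Map.of()).get(op);
            if (r == Rule.DENY) return false;
            if (r == Rule.GRANT) granted = true;
        }
        return granted;
    }

    public static void main(String[] args) {
        // ReadOnlyRole: may read tasks, explicitly denied every write operation.
        rule("ReadOnlyRole", "Task", Op.FIND, Rule.GRANT);
        for (Op op : List.of(Op.CREATE, Op.UPDATE, Op.REMOVE))
            rule("ReadOnlyRole", "Task", op, Rule.DENY);
        // ReadWriteRole: unlimited permissions on the table.
        for (Op op : Op.values())
            rule("ReadWriteRole", "Task", op, Rule.GRANT);

        USER_ROLES.put("alice", Set.of("ReadOnlyRole"));
        USER_ROLES.put("bob", Set.of("ReadWriteRole"));
        // carol has used both login forms; mallory has no stored role at all.
        USER_ROLES.put("carol", Set.of("ReadOnlyRole", "ReadWriteRole"));

        for (String user : List.of("alice", "bob", "carol", "mallory"))
            for (Op op : List.of(Op.FIND, Op.CREATE))
                System.out.printf("%-8s %-6s Task -> %s%n", user, op,
                        allowed(user, "Task", op) ? "allowed" : "denied");
    }
}
```

The `carol` case is the one to test against a real backend: an account that has been linked to both roles keeps whichever restrictions the conflict rule leaves in place, regardless of which login form was used last.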