Blog

Roles-Based Database Column Visibility

by on May 24, 2021

Roles-based column visibility permissions for Backendless Database Feature

Any time you entrust your data to a third-party vendor, the most important concern on your mind is going to be data security. New roles-based column visibility adds an easy way to protect certain sets of data from users that should not see sensitive data.

We pride ourselves on providing features that ensure your data is kept as safe as possible. Your database is protected by our robust roles-based security system. Now, with the release of version 6.4, you can now set access permissions for individual columns in a data table.

Roles-Based Column Visibility In Action

Most apps have data fields containing sensitive or proprietary information. A perfect example of this is any app that collects a customer’s social security number. It is critical that this information is protected to preserve users’ trust in your app.

Let’s take a look at a customer table with a socialSecurityNumber column. Leaving this column visible, even if it’s not editable, is still a major security risk. Clicking on the PERMISSIONS tab takes us to the visual roles-based security manager.

Sensitive data column in Backendless Database

To hide any given column, go to the COLUMNS VISIBILITY tab. Once there, simply click on the role and column pair that you want to modify.

Column visibility permissions for Backendless Database

In the screenshot above, the socialSecurityNumber column is marked as inaccessible by the NotAuthenticatedUserrole. As a result, any GET/FIND API request for that table from a non-authenticated user (i.e. user with the NotAuthenticatedUser role) will return all columns except for socialSecurityNumber.

You can then easily test this security change by running a basic GET request in your REST Console without an active login.

REST Console response with roles-based column security

As you can see in the screenshot above, the database returned both customers’ information, but left out the socialSecurityNumber column. For all intents and purposes, that column is now invisible to non-authenticated users.

Roles-based column visibility permissions are now available in Backendless Database. We’d love to hear what you think in the comments below or on our Slack channel or support forum.

Check out the other new features added in version 6.4:

Thanks for reading and Happy Codeless Coding!

Leave a Reply

Related Articles

Introducing Backendless Pro Community Edition: Free Single-Server Deployment
We're excited to announce that Backendless is now even more accessible with the launch of the Community Edition: a free version of the Backendless platform for deployment on a single physical server. This change makes Backendless more accessible than ever, allowing established users who want to lower their overall cost of ownership to deploy quickly…
Read More
About the Scale Variable Plan
The Backendless Scale Plan is a cloud-based application development and hosting plan that offers high starting limits, unlimited scalability, and is priced based on maximum daily API usage.
Read More
Introducing Nested Grouping API
Retrieving data from a database is a common task. It often involves grouping data by certain criteria. For example, you might want to see total sales by region. But what if you want to see products listed by category without summing them up? This is where our new Nested Grouping API shines. This API makes…
Read More