Roles-Based Database Column Visibility

by on May 24, 2021

Roles-based column visibility permissions for Backendless Database Feature

Any time you entrust your data to a third-party vendor, the most important concern on your mind is going to be data security. New roles-based column visibility adds an easy way to protect certain sets of data from users that should not see sensitive data.

We pride ourselves on providing features that ensure your data is kept as safe as possible. Your database is protected by our robust roles-based security system. Now, with the release of version 6.4, you can now set access permissions for individual columns in a data table.

Roles-Based Column Visibility In Action

Most apps have data fields containing sensitive or proprietary information. A perfect example of this is any app that collects a customer’s social security number. It is critical that this information is protected to preserve users’ trust in your app.

Let’s take a look at a customer table with a socialSecurityNumber column. Leaving this column visible, even if it’s not editable, is still a major security risk. Clicking on the PERMISSIONS tab takes us to the visual roles-based security manager.

Sensitive data column in Backendless Database

To hide any given column, go to the COLUMNS VISIBILITY tab. Once there, simply click on the role and column pair that you want to modify.

Column visibility permissions for Backendless Database

In the screenshot above, the socialSecurityNumber column is marked as inaccessible by the NotAuthenticatedUserrole. As a result, any GET/FIND API request for that table from a non-authenticated user (i.e. user with the NotAuthenticatedUser role) will return all columns except for socialSecurityNumber.

You can then easily test this security change by running a basic GET request in your REST Console without an active login.

REST Console response with roles-based column security

As you can see in the screenshot above, the database returned both customers’ information, but left out the socialSecurityNumber column. For all intents and purposes, that column is now invisible to non-authenticated users.

Roles-based column visibility permissions are now available in Backendless Database. We’d love to hear what you think in the comments below or on our Slack channel or support forum.

Check out the other new features added in version 6.4:

Thanks for reading and Happy Codeless Coding!

Leave a Reply