Any time you entrust your data to a third-party vendor, the most important concern on your mind is going to be data security. The new roles-based column visibility feature adds an easy way to hide sensitive columns from users who should not see them.
We pride ourselves on providing features that ensure your data is kept as safe as possible. Your database is protected by our robust roles-based security system. With the release of version 6.4, you can now set access permissions for individual columns in a data table.
Most apps have data fields containing sensitive or proprietary information. A perfect example of this is any app that collects a customer’s social security number. It is critical that this information is protected to preserve users’ trust in your app.
Let’s take a look at a customer table with a socialSecurityNumber column. Leaving this column visible, even if it’s not editable, is still a major security risk. Clicking on the PERMISSIONS tab takes us to the visual roles-based security manager.
To hide any given column, go to the COLUMNS VISIBILITY tab. Once there, simply click on the role and column pair that you want to modify.
In the screenshot above, the socialSecurityNumber column is marked as inaccessible by the NotAuthenticatedUser role. As a result, any GET/FIND API request for that table from a non-authenticated user (i.e. user with the NotAuthenticatedUser role) will return all columns except for
You can then easily test this security change by running a basic GET request in your REST Console without an active login.
As you can see in the screenshot above, the database returned both customers’ information, but left out the socialSecurityNumber column. For all intents and purposes, that column is now invisible to non-authenticated users.
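The manual check above can be turned into a repeatable regression test. The following is an added example, not Backendless code: it scans a parsed response for hidden columns, including inside nested related objects. The function names, the Customer table name, the URL placeholders and the sample records are assumptions constructed for illustration.

```javascript
// Added example (not from the original post). All names here are hypothetical.
const HIDDEN_COLUMNS = ['socialSecurityNumber'];

// Walk a parsed API response and return the path of every occurrence of a
// hidden column, including occurrences inside related objects or arrays.
// Matching is case-insensitive so a differently-cased key is still flagged.
function findExposedColumns(value, hidden = HIDDEN_COLUMNS, path = '$') {
  const wanted = new Set(hidden.map((c) => c.toLowerCase()));
  const hits = [];
  const walk = (node, where) => {
    if (Array.isArray(node)) {
      node.forEach((item, i) => walk(item, `${where}[${i}]`));
    } else if (node !== null && typeof node === 'object') {
      for (const [key, child] of Object.entries(node)) {
        if (wanted.has(key.toLowerCase())) hits.push(`${where}.${key}`);
        walk(child, `${where}.${key}`);
      }
    }
  };
  walk(value, path);
  return hits;
}

// Live variant: request the table with no login token, i.e. as a
// non-authenticated user. baseUrl is assumed to have the form
// https://api.backendless.com/<application-id>/<REST-api-key>
async function checkTable(baseUrl, table, hidden = HIDDEN_COLUMNS) {
  const res = await fetch(`${baseUrl}/data/${encodeURIComponent(table)}`);
  if (!res.ok) throw new Error(`GET ${table} failed: HTTP ${res.status}`);
  return findExposedColumns(await res.json(), hidden);
}

// Constructed sample responses (not real data).
const SAMPLE_HIDDEN = [
  { objectId: 'A1', name: 'Alice', email: 'alice@example.com' },
  { objectId: 'B2', name: 'Bob', email: 'bob@example.com' },
];
const SAMPLE_LEAKING = [
  { objectId: 'A1', name: 'Alice', socialSecurityNumber: '000-00-0000' },
  { objectId: 'B2', name: 'Bob', spouse: { objectId: 'C3', SocialSecurityNumber: null } },
];
```

Run `checkTable(baseUrl, 'Customer')` in a deployment pipeline and fail the build if it returns a non-empty list, so an accidental permission change is caught before release.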
Roles-based column visibility permissions are now available in Backendless Database. We’d love to hear what you think in the comments below or on our Slack channel or support forum.
Thanks for reading and Happy Codeless Coding!