Data Security

Data security is managed role-based. In your project's admin dashboard, navigate to Authentication > Roles and configure a specific role. There are four actions for each collection in your database: CREATE, READ, UPDATE and DELETE.

  • CREATE: Add a new object to a collection
  • READ: Read an existing object from a collection
  • UPDATE: Update an existing object
  • DELETE: Permanently delete an existing object

Furthermore you can add scope * or user to those actions.

  • *: Global permission - Permission to execute the action on every object in the specific collection
  • user: User scoped permission - Permission to execute the action is restricted to the objects created by the accessing user

We also added a wildcard resource *ALL_TABLES*. If you grant permissions on that resource for a role, it is the default permission for all collections. When a user attempts to access an object of collection todo, we check if he has the permission on *ALL_TABLES* OR todo.