storage security - write to one table only

0 votes

Is that somehow possible?

My use case is following:

  • it's important, that not registered people can access data
  • All main tables have data that should be unchangable and just readable. Only I will change data in it.
  • One table has user uploaded data that can be read by the user himself or anyone. It's no sensitive data so simple security is enough. I thought about a flag in the data itself that indicates if the user shares it's data or not. Of course the api key allows reading all data, always, but I would use a query that checks the data flag. That would be enough for me.


It seems like that is not possible with custom keys as I can't grant write access to one table only... As far as I see it.

  • This means I have to use ACL, don't I?
  • This means, not registered people can't access any data. Probably this could be solved by using a dummy user for those people I think...
  • But I can't change the ACL setting for an existing app, can I?
  • And as far as I saw it, I cannot give access to ALL other users, can I?
asked Feb 11, 2015 in App42 Cloud API-BaaS by mflisar85 (40 points)
edited Feb 11, 2015 by mflisar85

1 Answer

0 votes
 
Best answer

Hello,

 

Kindly find my answer in below lines & let me know if it helps:

 

Ques: This means I have to use ACL, don't I?

Ans: Yes you have to use ACL to achieve your objective.

 

Ques: This means, not registered people can't access any data. Probably this could be solved by using a dummy user for those people I think...

Ans: No, you don't need to insert the dummy user in ACL app.  If user is not registered with us then we enter owner as anonymous user. So he/she will access the docs in that collection, if you have given the public read access to the doc.

 

Ques: But I can't change the ACL setting for an existing app, can I?

Ans:  Yes, you can't change the App settings from Non Acl to ACL.

 

Ques: And as far as I saw it, I cannot give access to ALL other users, can I?

Ans: Yes you can provide public read access on your app data, this will enable Read access to all your app users.

 

Let us know if you have more question for us.

Himanshu Shamra

 

answered Feb 12, 2015 by hs00105 (2,005 points)
selected Feb 12, 2015 by mflisar85
This answers my questions. For now I will use the file storage to save user data and the description will be filled up with some json data and I will filter the data locally on the device based on this description. As i can give write access to the file system only and deny access to the datastore for my app key....
Let us know if you have more questions for us.

Himanshu Sharma
Download Widgets
Welcome to ShepHertz Product line forum, where you can ask questions and receive answers from the community. You can also reach out to us on support@shephertz.com
...