Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am

How to implement Field level security

Hi team,
I wonder if I can implement field level security.
Suppose I have a field in user collection called credits, which represents the money a user has in his account. I definitely don't want user to change the value ,only read. But they shoukd be able to change other fields like age or address in user collection.

Serhii Kulibaba
Posts: 150
Joined: Tue Aug 27, 2013 1:47 pm

How to implement Field level security

Hello Dongzhi,

Please follow this tutorial: https://devcenter.appery.io/documenta...

Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am

How to implement Field level security

Hi Sergiy,

This is interesting. Will it be slower using security proxy than direct service call?

Thanks

Dongzhi

Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am

How to implement Field level security

And how will that be counted against your API quota? e.g. will 1 API call via secure proxy be counted as 2?

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

How to implement Field level security

Hi Dongzhi,

Unfortunatly secure proxy was designed for other goal(access sensitive information in 3rd party API) and it's not suitable for your case.

You can implement it with following plan:

1 Add other collection like "userAccount", add to this collection needed fields(like credits).

2 Add to your Users collection field "account" which is pointer to "userAccount" collection.

3 When you creating a user(sign up) you need to create item in "userAccount" collection and put this item inside just created User.

4 Make new item in "userAccount" collection - ACL field to be "{}" - (no one could access this item). Or give "read" access for current user.

5 When you need to change "userAccount" row you can use server script with "Master key" using to access any row in your "userAccount" collection.

Regards.

Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am

How to implement Field level security

Hi Yurii,

Thanks, that is a viable solution.

Regards

Dongzhi

Return to “Issues”