How to implement Field level security

This forum contains topics that were moved from Get Satisfaction
Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am


Post by Dongzhi Yang7528784 »

Hi team,
I wonder if I can implement field level security.
Suppose I have a field in the user collection called credits, which represents the money a user has in his account. I definitely don't want users to change the value, only read it. But they should be able to change other fields like age or address in the user collection.

Serhii Kulibaba
Posts: 147
Joined: Tue Aug 27, 2013 1:47 pm


Post by Serhii Kulibaba »

Hello Dongzhi,

Please follow this tutorial: https://devcenter.appery.io/documenta...

Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am


Post by Dongzhi Yang7528784 »

Hi Sergiy,

This is interesting. Will it be slower using security proxy than direct service call?

Thanks

Dongzhi

Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am


Post by Dongzhi Yang7528784 »

And how will that be counted against your API quota? e.g. will 1 API call via secure proxy be counted as 2?

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am


Post by Yurii Orishchuk »

Hi Dongzhi,

Unfortunately, secure proxy was designed for another goal (accessing sensitive information in a 3rd party API) and it's not suitable for your case.

You can implement it with the following plan:

1. Add another collection like "userAccount", and add the needed fields (like credits) to this collection.

2. Add a field "account" to your Users collection which is a pointer to the "userAccount" collection.

3. When you create a user (sign up), you need to create an item in the "userAccount" collection and put this item inside the just-created User.

4. Set the ACL field of the new item in the "userAccount" collection to "{}" (no one can access this item), or give "read" access to the current user.

5. When you need to change a "userAccount" row, you can use a server script with the "Master key" to access any row in your "userAccount" collection.

Regards.
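
The five-step plan above, modelled as an added example that is not part of the original post and is not Appery.io API code: a small in-memory store with per-row ACLs and a master-key bypass. `MASTER_KEY`, `db`, and every function name here are hypothetical, and the ACL shape is an assumption made for the model.

```javascript
// Constructed model of the plan: split the protected field into its own
// collection, lock that row down with an ACL, and change it only server-side.
const MASTER_KEY = "constructed-master-key"; // assumption: held only by server scripts

const db = { users: new Map(), userAccount: new Map() };
let nextId = 1;

// The master key bypasses ACLs; any other caller needs the right on that row.
function allowed(row, caller, right) {
  if (caller.masterKey === MASTER_KEY) return true;
  const entry = row.acl[caller.userId];
  return Boolean(entry && entry[right]);
}

function read(collection, id, caller) {
  const row = db[collection].get(id);
  if (!row || !allowed(row, caller, "read")) throw new Error("forbidden");
  return { ...row.data };
}

function update(collection, id, patch, caller) {
  const row = db[collection].get(id);
  if (!row || !allowed(row, caller, "write")) throw new Error("forbidden");
  Object.assign(row.data, patch);
  return { ...row.data };
}

// Steps 1-4: sign-up creates the userAccount row (owner may read, nobody may
// write) and stores a pointer to it in the user row, which the owner can edit.
function signUp(profile) {
  const userId = "u" + nextId++;
  const accountId = "a" + nextId++;
  db.userAccount.set(accountId, { data: { credits: 0 }, acl: { [userId]: { read: true } } });
  db.users.set(userId, {
    data: { ...profile, account: accountId },
    acl: { [userId]: { read: true, write: true } },
  });
  return { userId, accountId };
}

// Step 5: the server-side path, the only code that presents the master key.
function serverAddCredits(accountId, amount) {
  if (!Number.isInteger(amount) || amount <= 0) throw new Error("invalid amount");
  const current = db.userAccount.get(accountId).data.credits;
  return update("userAccount", accountId, { credits: current + amount }, { masterKey: MASTER_KEY });
}
```

In this model the `account` pointer sits in a row the user can edit, so a server script should resolve which account to change from data the user cannot write rather than from that field (a design assumption of this example, not something stated in the thread).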

Dongzhi Yang7528784
Posts: 0
Joined: Mon May 11, 2015 6:28 am


Post by Dongzhi Yang7528784 »

Hi Yurii,

Thanks, that is a viable solution.

Regards

Dongzhi
