ACL in Customer Console

Sun May 04, 2014 3:40 pm

I want to use the customer console for an app that has multiple users. How do I make sure that each user only has access to their information?

Sun May 04, 2014 9:05 pm

Hi Doug,

The customer will be able to edit or view the database data only if access rights were provided by developer. So, its up to the architecture of your database and access control policy that you have created.

Sun May 04, 2014 9:07 pm

Thanks. However, I logged in today with a test login and it allowed me access to everyone's information. Any thoughts how to fix this?

Sun May 04, 2014 9:15 pm

What was access rights to this test login? Can you show us? We will test this.

Mon May 05, 2014 12:26 am

We got your email, but I'm not sure what names you hadn't put there. Could you show us screenshot?

Tue May 06, 2014 8:47 pm

Hi Doug,

Did you solve this?

Tue May 06, 2014 11:42 pm

Sure, I'll do so in a bit. Thanks.

Wed May 07, 2014 12:26 am

Here are the first eight names, none of which I entered.

Wed May 07, 2014 5:33 am

Hello Doug,

The customer console doesn't work as you want. When owner application creates customer console he chooses database where customer credentials are stored (name it "database_with_users"). And then in "collection settings" grants access to collections which can in be different databases. And if owner grants "Can view" access to collection (for example collection "streets") every user from database "database_with_users" can view all rows from collection "streets". In this case even "acl" restrictions don't work.

Tue Oct 28, 2014 10:56 pm

Hi Appery.io support team!
So, it is not possible to use Customer Console for multiple user access; so each user has access to different Collections, right?
I mean, user1 access Collection 1 only; user2 access Collection 2 only; and so on.
Thank you in advance!
Carlota F: