How to set correct roles for login users - parse-platform

I am trying to set roles with parse.com.
My aim is to set a role so that only logged-in users get all the data.
Can you please provide, step by step, how it should be done with parse.com?
I tried to play with it and read the tutorial, but I keep getting access to the data even when I am not logged in.
Thanks for helping!

When you create your data object you should be adding an ACL to it, created with the current user and limiting read and write to that user. This is done before you save the data object. You don't need to use a role. A role would be used where you had a group of users who all needed access, then you would add the users to the role and create the ACL for the role instead of a user.

Related

Hasura User Role Inherited Permissions from Anonymous

I'm trying to grant access so that users can access all user information about themselves + non-sensitive information about others in the user table.
I thought user would inherit permissions from anonymous user which would give them access to the non-sensitive data of all users. This doesn't seem to be the case.
Is there a simple way to do this?
Figured it out: create an SQL view for the private user info and set permissions on those columns. Set the remaining columns as public.

How to grant permission for user in table where the id is his username (row permission read rethinkdb)

Is it possible to grant permission for a user on a table, but only for a specific row in that table? I have a table named PrivateUserInfo where I store users' emails and nicknames. Granting permissions like this: r.db('dbname').table('PrivateUserInfo').grant('testuser', {read: true}); allows them to read everyone's data. I want to allow them to read only the row where the id is their username. Setting up a web server to handle this type of thing would defeat the purpose. If I am going to create a web server then I wouldn't even use permissions in the first place and would just handle the requests with the web app logged in as admin, which I really want to avoid. This was the main reason I wanted to use this database.

Creating a security role to be able to only create roles and users without having system admin role

CRM 2015: I want to be able to create a role for local IT to be able to add user accounts and assign roles.
Regarding the 'adding roles' portion, is it simple enough just to create a role for local IT to 'write' to 'security roles' in the 'business management' tab of 'security roles' at the user level?
No, this is not that simple. A user cannot give another user a privilege higher than he has himself (it would be a serious security hole). So for example you have a role to edit Security Roles and you have Read access for Accounts in your Business Unit. If somebody in your Business Unit has no Read access and only User access, you can add him Read access for the Business Unit (the same you have), but you will not be able to give him Organizational access (higher than yours). You can imagine that if this were possible, you would be able to basically give yourself the Admin privilege and do whatever you want in CRM.
Knowing that, it should be possible for you to create a role that has, for example, full access to Accounts, Contacts, custom entities etc. and Security Roles. This role would be able to modify other users' access levels to Accounts, Contacts etc., but not to other entities that they don't have privileges for.
Exactly the same logic applies to assigning Security Roles. So user A cannot assign a Security Role to user B if it gives user B privileges higher than user A has.
In the end, it is very hard to properly implement the scenario that you described, because there are so many privileges and a user needs to have a lot of them to even use CRM. I've tried this once but could not satisfy the business requirement - it always ended up with using the System Admin role, because there was always some scenario that could not be handled by a user with only this "specific" security modification role.
Assigning 'System Administrator' security role and changing Access Mode in user record to 'Administrative' helped me to achieve this. User still cannot access any transaction data. So, I think you can go for this approach.

Parse Login Limit To Role

I have two mobile apps using the same parse app.
When I log a user in with parse is it possible to limit the login to a specific role? I don't want users with role 'A' to be able to login to app 'B'.
You certainly can. Parse already has entire sections of documentation dedicated to Roles. Assuming you have already created a user and assigned a role, just add another piece of authentication logic to your login process for checking if the role is correct. When you are creating a new user from scratch, make sure to assign a role however you like.

Parse - using ACL for future users

On my parse based application, each user will have a list of notes that are private to him by default.
The user will be able to invite other users (identified by their email address) to view the notes.
I want to use an ACL for that, but I was wondering what I should do if the invited user is not yet registered as a Parse user at the time of the invitation. In that case, the note's creator cannot add him to the note's ACL since there is no ParseUser object yet.
What is the best solution for this type of invitation?
Can I use ACL for this or do I have to manage the access myself?
If you're familiar with the Parse technology called Cloud Code then you should check this: https://gist.github.com/mikevansnell/5140654
This code creates a future user from the email passed to the function and assigns it a random password. Then an invitation email is sent to the passed email address with all the info, including the password. And when the invited user goes to the app, just fill in the logi
These are two options I can think of.
1) Use ACL
Modify the note's ACL so that it has read access by the users invited that are already registered. Any users that are not registered, get a new row containing the email and note id in a separate table called NewUserAccess. Whenever a user is created, query NewUserAccess for rows with the registering email. Update those notes with the newly created user's objectId.
2) Manage Access Yourself
The second option is just creating a table called UserAccess. With this, when you invite a user you create a row with their email and the note they have access to. This would cause problems if the user changed emails which would require additional work.
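As an added example (not code from the answer above, nor from Parse itself), here is an in-memory model of option 1: notes carry an ACL in the JSON form Parse stores it in ({"<userObjectId>": {"read": true, "write": true}}), invitees who already have a user get an ACL entry immediately, and unknown addresses go into a pending NewUserAccess table that a signup hook drains. The table and function names (NewUserAccess, inviteByEmail, onUserRegistered) and all ids and addresses are this example's own constructed values.

```javascript
// Added example: in-memory model of "invite now, grant on signup".
// Stands in for the Parse classes _User, Note and a custom NewUserAccess table;
// nothing here talks to a Parse server.

const users = new Map();        // email -> { objectId, email }
const notes = new Map();        // objectId -> { objectId, ownerId, ACL }
const newUserAccess = [];       // pending rows: { email, noteId }

function normalizeEmail(email) {
  // Lookups must be case-insensitive and whitespace-tolerant, or a pending
  // grant for "Bob@Example.com" never matches the address Bob signs up with.
  return email.trim().toLowerCase();
}

function createUser(objectId, email) {
  const u = { objectId, email: normalizeEmail(email) };
  users.set(u.email, u);
  return u;
}

function createNote(objectId, owner) {
  // Owner-only ACL, set before the first save, as the first answer on this page advises.
  const n = { objectId, ownerId: owner.objectId,
              ACL: { [owner.objectId]: { read: true, write: true } } };
  notes.set(objectId, n);
  return n;
}

function grantRead(note, userId) {
  note.ACL[userId] = { ...(note.ACL[userId] || {}), read: true };
}

// Invite: registered invitee -> ACL entry now; unknown email -> pending row.
// Only the owner may invite, otherwise any reader could widen the ACL.
function inviteByEmail(note, inviter, email) {
  if (inviter.objectId !== note.ownerId) {
    throw new Error('only the note owner may invite');
  }
  const addr = normalizeEmail(email);
  const u = users.get(addr);
  if (u) {
    grantRead(note, u.objectId);
    return 'granted';
  }
  if (!newUserAccess.some((r) => r.email === addr && r.noteId === note.objectId)) {
    newUserAccess.push({ email: addr, noteId: note.objectId });
  }
  return 'pending';
}

// Signup hook: apply every pending row for this email, then delete the rows so
// the grant cannot be replayed if the address is later re-used by someone else.
function onUserRegistered(user) {
  let applied = 0;
  for (let i = newUserAccess.length - 1; i >= 0; i--) {
    const row = newUserAccess[i];
    if (row.email !== user.email) continue;
    const note = notes.get(row.noteId);
    if (note) { grantRead(note, user.objectId); applied++; }
    newUserAccess.splice(i, 1);
  }
  return applied;
}

function canRead(note, userId) {
  return Boolean(note.ACL[userId] && note.ACL[userId].read === true);
}

// Walk-through on constructed data: Alice invites Bob before Bob has an account.
function demo() {
  const alice = createUser('uAlice01', 'alice@example.com');
  const note = createNote('nNote001', alice);
  const first = inviteByEmail(note, alice, 'Bob@Example.com');   // 'pending'
  const bob = createUser('uBob0002', 'bob@example.com');
  const applied = onUserRegistered(bob);                          // 1
  return { first, applied, bobReads: canRead(note, bob.objectId),
           pendingLeft: newUserAccess.length };
}
```

The signup hook is the part that belongs in Cloud Code (an afterSave on _User) rather than in the client, since a client-side version would let a user claim pending grants for any address it chooses to present.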
If you want to use ACL in order to control user access to classes, objects
just create a new _Role = 'registered_user' in the Parse built-in class "Role",
and when user xyz registers, add them to the role 'registered_user'.
In the ACL of the classes where you want to restrict READ to the role, use the following:
"ACL":{"registered_user":{"read":true}}
Explicitly setting READ permissions in the ACL instead of just wildcarding it with "*" will lock down access to members of the "registered_user" role.
It's just like groups in a file system.
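As an added example (not code from any of the answers on this page, nor from Parse itself), the plain JavaScript below evaluates ACLs in the JSON form Parse stores them in, so the owner-only ACL the first answer on this page recommends and the role-restricted read ACL described just above can be checked side by side without a Parse server. Parse keys role entries as "role:<name>" and public entries as "*"; the user ids, role name and requesters used here are constructed sample values.

```javascript
// Added example: evaluator for the stored form of a Parse ACL.
// Keys: "*" (everyone, including unauthenticated requests), "<user objectId>",
// or "role:<name>"; each value is {read: bool, write: bool}. A missing key
// grants nothing; an object with no ACL at all is public read/write unless a
// default ACL has been configured.

// Owner-only ACL, what the first answer suggests setting before the first save.
function ownerOnlyAcl(userId) {
  return { [userId]: { read: true, write: true } };
}

// Readable by one role, writable only by the owner.
function roleReadAcl(roleName, ownerId) {
  return {
    [`role:${roleName}`]: { read: true },
    [ownerId]: { read: true, write: true },
  };
}

// requester: { id: string|null, roles: string[] }; id === null means not logged in.
function isAllowed(acl, requester, perm) {
  if (!acl) return true;   // no ACL stored: public
  const entries = [acl['*']];
  if (requester.id) entries.push(acl[requester.id]);
  for (const r of requester.roles) entries.push(acl[`role:${r}`]);
  return entries.some((e) => e && e[perm] === true);
}

function canRead(acl, requester)  { return isAllowed(acl, requester, 'read'); }
function canWrite(acl, requester) { return isAllowed(acl, requester, 'write'); }

// Constructed sample principals (not real Parse objectIds).
const ANON  = { id: null,       roles: [] };
const ALICE = { id: 'uAlice01', roles: ['registered_user'] };
const BOB   = { id: 'uBob0002', roles: ['registered_user'] };
const GUEST = { id: 'uGuest03', roles: [] };

// What an object carries when the ACL is left at Parse's default.
const PUBLIC_ACL = { '*': { read: true, write: true } };

function demo() {
  const owner = ownerOnlyAcl(ALICE.id);
  const roleAcl = roleReadAcl('registered_user', ALICE.id);
  return {
    anonReadsDefault:   canRead(PUBLIC_ACL, ANON),   // true: the questioner's symptom
    anonReadsOwner:     canRead(owner, ANON),        // false
    ownerReads:         canRead(owner, ALICE),       // true
    otherUserReads:     canRead(owner, BOB),         // false
    memberReadsRole:    canRead(roleAcl, BOB),       // true
    memberWritesRole:   canWrite(roleAcl, BOB),      // false
    nonMemberReadsRole: canRead(roleAcl, GUEST),     // false
  };
}
```

The first entry of the result is the reason the opening question keeps seeing data while logged out: a "*" entry with read:true means "everyone", and it is present until an owner-only or role-only ACL replaces it before the save.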

Resources