Start a new topic

Unique ID creation for user groups


I am looking at using user groups in my application I have the following requirements:

  • Every user will have a "site" which will contain assets and other collections.
  • The user can have multiple sites with multiple assets belonging to the site.
  • The user should be able to add other users to view the assets at the site.
  • The user can assign "admin" roles to the site which can modify/delete assets at a site.
  • Other admins can remove the original creator of the site as well as assign other users/admins.
I was looking at making the site name the user group id however I can see there being a duplication of names/ids between users as these will probably be geographic names/cities. I had then looked at using a collection called sites to store these names and use the _id of the entity as the group name in a postsave collection hook. But this seemed very convoluted to manage as the entity gets created then the group then the group is added to the entity acl.

I was also unsure about how to implement the "user" and "admin" roles for the sites. Is it as simple as having 2 separate groups (user/admin) for each site, which then get added to the appropriate acl groups (read/write)?


Just want to confirm - Have you gone through the Aggregation/ Grouping documentation




Hi Pranav, 

I'm not sure that this fits my use case as aggregation doesn't handle acls needed for read/write control.

Thinking further on this, is there any way of editing an entities _acl on a postsave collection hook? For my sites collection I have a postsave hook that creates a new group using the id of the newly created site then tries to retrieve this newly created entity to modify the acl. However the collectionaccess call gives null.


function onPostSave(request, response, modules) {
  var logger = modules.logger;
  var context = modules.backendContext;
  var uri = 'https://' + + '/group/'+ context.getAppKey();
  var authString = "Basic " + modules.utils.base64.encode(context.getAppKey() + 
                   ":" + context.getMasterSecret());
  var requestOptions = { 
    uri: uri, headers: { "Authorization": authString }, json:true,
    body: {
      "_id": response.body._id,
      "users": {
        "all": "false",
        "list": [
           { "_type": "KinveyRef", "_collection": "user", "_id": response.body._acl.creator }
      "_acl": response.body._acl
  //POST to GROUP endpoint, function(error, res, body) {
    if (error) {
      response.body = {error: error.message};
  } else {"Group created, retrieve using id:" + response.body._id);
    //modify site group acl
    modules.collectionAccess.collection('sites').findOne({ _id: response.body._id }, function(err, result){
      if(err) {
        logger.error("Collection access error " + err.message);
      } else {"collection access for id:" + response.body._id+ " " + result);


Pranav, I think I just need to do it similar to the acl tutorial you provide here. However I don't understand what step 5 is trying to achieve as it tries to find the patient id in the 'patient-provider' collection however there is no reference to this in that collection.

Login or Signup to post a comment