I have a few questions about users and groups:



* Can groups be created via API (such as the Java SDK)?



* Let's say I had one backend that contained a collection of companies and a collection of distributors, and each distributor had a link to a company. How can I set the permissions (via API, not console) so that there are two separate client apps that communicate with the back end yet company A only has access to the distributors for his company and company B can read all of the data? In this scenario, let's assume the end user of the app isn't logging in, so I believe we'd want each client app to run under the context of a special user or a group that represents the given company.



* Can permissions be restrictive as above and also allow the user to log in? Essentially I'm wondering if an app can be running under more than one user context - restrictive by company yet allowing the end user to be logged in.

Hi Erich,

I just put out an article that addresses your questions: https://support.kinvey.com/discussion/201272078/creating-user-groups-setting-permissions