Redirect Notice
As of April 12th, you must go to Progress SupportLink to create new support cases or to access existing cases. Please, bookmark the SupportLink URL and use the new portal to contact the support team.
How can we help you today?
How to allow public read data from Kinvey, but authenticated access on create/edit/delete?
1 Comment
Damien Bell
said
almost 9 years ago
Good morning dpaluy,
In general we don't allow exactly what you're looking to do for some obvious security implications that relate to it. On the other hand there are a few workarounds that you might want to consider.
1. Temporary users. If a user is unauthenticated when they make that request, assign them a temporary user object. In the event that they sign up you already have all their user information captured and can save it.
2. Implicit / System users. Creating a system account which has access to non-damaging user data is not always a horrible idea either as it does help in some circumstances.
If you have any other questions, please let me know.
Thanks,
In general we don't allow exactly what you're looking to do for some obvious security implications that relate to it. On the other hand there are a few workarounds that you might want to consider.
1. Temporary users. If a user is unauthenticated when they make that request, assign them a temporary user object. In the event that they sign up you already have all their user information captured and can save it.
2. Implicit / System users. Creating a system account which has access to non-damaging user data is not always a horrible idea either as it does help in some circumstances.
If you have any other questions, please let me know.
Thanks,
dpaluy
If other user (Alice) authenticated, she may view Bob's records correctly. But if Eve (unregistered user) wants to read Bob's record, she gets an error:
{
name: "NoActiveUser",
description: "You need to be logged in to execute this request."
}
What should I do to allow Eve access Bob's record?
Thanks