How to allow public read data from Kinvey, but authenticated access on create/edit/delete?
started a topic
about 4 years ago
I set "shared privacy" for collection (only owner may edit/delete - Bob).
If other user (Alice) authenticated, she may view Bob's records correctly. But if Eve (unregistered user) wants to read Bob's record, she gets an error:
description: "You need to be logged in to execute this request."
What should I do to allow Eve access Bob's record?
almost 4 years ago
Good morning dpaluy,
In general we don't allow exactly what you're looking to do for some obvious security implications that relate to it. On the other hand there are a few workarounds that you might want to consider.
1. Temporary users. If a user is unauthenticated when they make that request, assign them a temporary user object. In the event that they sign up you already have all their user information captured and can save it.
2. Implicit / System users. Creating a system account which has access to non-damaging user data is not always a horrible idea either as it does help in some circumstances.
If you have any other questions, please let me know.