Start a new topic

How to allow public read data from Kinvey, but authenticated access on create/edit/delete?

I set "shared privacy" for collection (only owner may edit/delete - Bob).

If other user (Alice) authenticated, she may view Bob's records correctly. But if Eve (unregistered user) wants to read Bob's record, she gets an error:


name: "NoActiveUser",

description: "You need to be logged in to execute this request."


What should I do to allow Eve access Bob's record?


1 Comment

Good morning dpaluy,

In general we don't allow exactly what you're looking to do for some obvious security implications that relate to it. On the other hand there are a few workarounds that you might want to consider.

1. Temporary users. If a user is unauthenticated when they make that request, assign them a temporary user object. In the event that they sign up you already have all their user information captured and can save it.

2. Implicit / System users. Creating a system account which has access to non-damaging user data is not always a horrible idea either as it does help in some circumstances.

If you have any other questions, please let me know.

Login or Signup to post a comment