Security through business logic


I am trying to give access to entities within a collection to a certain group of users. I am doing this by creating a custom endpoint. How do I give read access to any user? My app is an iOS app and I tried the following:


I know addReader will not work while working with Business Logic, but I am trying to figure out what's the equivalent to it.

Thank you

Thank you Ivan, let me try that and I will post back.
collectionAccess gives you an API to perform raw data operations like saving and fetching. You should use it to save the entity which has _acl already set to the right value.

Consider using a before-save collection hook for your use case as there Kinvey is doing the saving automatically. You just need to modify request.body._acl and call response.continue() and we do the work. Please look at the business logic guide part on collection hooks.
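The before-save hook approach described in the reply above, as an added example that is not part of the original thread and not Kinvey's own code. It assumes the hook signature `onPreSave(request, response, modules)` and the `r`/`w` user-id arrays of the `_acl` format (check both against the Kinvey guides); `PROJECT_MEMBERS`, `projectId` and the user ids are hypothetical, constructed values.

```javascript
// Hypothetical server-side source of truth: project id -> user ids.
// In a real hook this would come from a lookup, not from the client.
const PROJECT_MEMBERS = {
  "proj-1": { readers: ["user-a", "user-b"], writers: ["user-b"] }
};

// Merge user ids into an ACL list without duplicates; reject bad ids.
function mergeIds(existing, extra) {
  const out = Array.isArray(existing) ? existing.slice() : [];
  for (const id of extra) {
    if (typeof id !== "string" || id.length === 0) {
      throw new TypeError("invalid user id in ACL grant");
    }
    if (!out.includes(id)) out.push(id);
  }
  return out;
}

// Return a copy of acl with per-user read/write grants added.
// Any other fields (creator, global flags) are left exactly as they were,
// so the hook never widens access beyond the named users.
function grantAccess(acl, readers, writers) {
  const next = Object.assign({}, acl);
  next.r = mergeIds(next.r, readers);
  next.w = mergeIds(next.w, writers);
  return next;
}

// Before-save collection hook: set _acl on the entity being saved,
// then hand control back so the platform performs the save itself.
function onPreSave(request, response, modules) {
  const members = PROJECT_MEMBERS[request.body.projectId];
  if (members) {
    request.body._acl = grantAccess(
      request.body._acl, members.readers, members.writers);
  }
  response.continue();
}
```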

@Ivan, so once I have my list of users who need r/w access to an entity, I can modify the "_acl" property of the "request" object and give r/w access to this list of users. Is that correct?

What about Caroline's solution? I am assuming that will work as well, right?
@Harish, for exact _acl syntax, see

In the future we plan to provide helper methods, or to make the same syntax as JS library available in BL.
I see. You can update the ACL attribute directly by using the collection access module:
@caroline, yes, I did. But my question is how do I do that while writing a custom endpoint in JavaScript? Because custom endpoints do not have access to the Kinvey object.
Hi Harish, apologies for the delayed response; we're still working out some kinks on our forums. Have you seen this article on Kinvey Security?

Kinvey, please answer this question. How to give another Kinvey user access to entities in a collection through Business Logic for an iPhone app?
Kinvey, please answer this question ASAP. It's been here for a day.
Or, I should say, what's the equivalent of Kinvey.Acl(entity) while writing BL for an iOS app? I am trying to give permissions to a set of users for an entity, using a Custom Endpoint.
