Is there a way to update a specific user in the user collection, without having to make the user that I want updated the active user?

Either use the master secret (not recommended in client-side apps), or apply [read-write permissions](http://devcenter.kinvey.com/html5/guides/security#Entitylevelpermissions) to the users you want to update. Then, you should be update to update other users than the user you’re currently logged in as.

Thanks Mark, after posing the question I read about the acl modifications in the security guide and figured that would probably be the suggested route to take. I appreciate the confirmation.

A second question. Could you explain what I need to do with the entity variable that is shown in the code samples. I'm not a 100% sure what the 'prop: 'value' is referring to/needs to reference.

The `{ prop: 'value' }` is just an example of an entity. For example, if you were to have an app showing books, your entity most likely looks similar to:



```

var bookEntity = {

title: 'Book Title',

author: 'Book Author'

};

var acl = new Kinvey.Acl(bookEntity);

```



Basically, to obtain the ACL of an entity, you call `new Kinvey.Acl` and pass in the entity.

So in order to give one specific user from the 'users' collection full read/write access to the collection. Would I have to run a loop to update the acl specifically on each entity or is there a way to pass the collection its self as an entity?

Right now, yes, the ACL has to be applied to each entity. Improving support for collection-wide ACL is however on our list of things to do.

Ok, thanks for all the help