Start a new topic

Collection clean method with _acl write group

I have a collection that entities are created defining an acl write group. When using clean() method - - only entities owned by me are deleted, even if the group is defined as bellow:


"groups": {

"w": [




"creator": "54776f375aee6ffe36011d15"


I have already double checked that the user that is trying to execute clean() action is in the group. That's not a possible cause.

How can other user remove entities not owned by him using access through 'w' group?



Can you go into the Kinvey console and try to issue an API call for the delete and let me know if that accomplishes what you're trying to do in this case?

If that doesn't work for you can you please tell me the error that you get?

Hi Damien.

To delete a collection there are problems of credentials, because only master secret can delete a collection, right? But my request is a simple DELETE with a query, like

DELETE /appdata/:appKey/:collectionName/?query={"firstName":"John"}


X-Kinvey-API-Version: 2

Authorization: [user credentials]

I've already tried to use Kinvey console and the behavior is exactly the same. There's no errors. It returns:


Tue Dec 09 2014 16:56:11 GMT-0200 (BRST)


"count": 2


But in this collection there were 3 entities that must be deleted, 2 created by the user that is executing DELETE request and 1 created by other user. All 3 entities _acl has 'w' group defined and the user that is executing DELETE request is in this group.

The problem is that even the entity is set to be editable by an user group it is not being edited by an user that is in this group.

Am I missing anything? Thanks.
I wanted to follow up on this and ask a couple clarifying questions before I try to answer this.

Essentially, user1: creates an object, let's call it A, for the sake of argument.

User2 then creates objects B and C.

User1 and User 2 are in group "group1"

The ACL specifies that users in "group1" can edit A,B,And C.

When user2 issues a delete for A,B,and C, it is only able to delete A and B, but not C, no error is returned for when C is not deleted.

Am I understanding the issue correctly?
Yes, thats it!

Only one detail: only user2 (that issues delete) is in group1, not both user1 and user2.
Sorry about the delay Cedin,

Can you tell me a little bit more about how these users are grouped? How are you creating a group and adding users to it?

@cedin‌ -- Did you find a way to accomplish this on your own? Do you still need help on this issue?
Login or Signup to post a comment