
Create a user with admin rights that can CRUD the rest of the users in the Users collection

Hi guys,

I have added a field, isAdmin, to the Users collection to identify that a user is an admin. This admin user will have permission to CRUD the rest of the users. I understand that if this admin user wants to CRUD, for example, user1, then user1's acl field needs to look like the following:




```
{
  "creator": "user1",
  "r": ["adminuser"],
  "w": ["adminuser"]
}
```



So when user1 signs up for an account, how do I update this acl field in the postSave hook, as user1 will not know the _id of adminuser? Or is there any better method to accomplish this?


Mark Thien

Hi Mark, currently groups can only be managed using the REST API, which means you would need to use the API Console and POST to the path you mentioned above. Groups use Kinvey References to link with users and other groups. The request body itself would look something like:



```
{
  "_id": "admingroup",
  "users": {
    "list": [{ "_type": "KinveyRef", "_collection": "user", "_id": "123123123123" }]
  }
}
```



Hi Gal,

The document mentioned that to create a group, use the following:

```
POST /group/:appKey/ HTTP/1.1
Authorization: [user credentials]
Content-Type: application/json

{
  "_id": "G",
  "users": {
    "all": "false",
    "list": [
      { "_type": "KinveyRef", "_collection": "user", "_id": "1" },
      { "_type": "KinveyRef", "_collection": "user", "_id": "3" },
      { "_type": "KinveyRef", "_collection": "user", "_id": "4" }
    ]
  },
  "groups": [
    { "_type": "KinveyRef", "_collection": "group", "_id": "G1" },
    { "_type": "KinveyRef", "_collection": "group", "_id": "G5" }
  ]
}
```



I do not understand. If I want to create a group from the Kinvey web console, how do I do it? For example, for an admin user with _id "**123123123123**" whom I want to put under the group with _id "**admingroup**", how should I do it?

Thanks a lot Gal :)

Hi, one way to achieve this would be to use User Groups to define an administrative group, and then add this group as reader/writer (under `_acl.groups.r` and `_acl.groups.w`) to each entity, either using your client, or (most likely) through business logic. Using a group rather than a specific admin user would allow you to hard code the group's ID into the client or BL code, while still maintaining flexibility by being able to add/remove users to the administrative group.
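
The group-based approach from the answer above, as an added example that is not part of the original thread or Kinvey's own code. `grantGroupAccess` and `ADMIN_GROUP_ID` are hypothetical names, the sample user is constructed, and the `onPreSave(request, response, modules)` wiring is an assumption about how the business-logic hook is attached; "admingroup" is the group `_id` used in this thread.

```javascript
// Hypothetical constant: the _id of the administrative group from this thread.
const ADMIN_GROUP_ID = "admingroup";

// Return a copy of `entity` whose _acl lists `groupId` under
// _acl.groups.r and _acl.groups.w. The creator and any per-user
// "r"/"w" entries are preserved, the input object is not mutated,
// and a second call does not duplicate the group id.
function grantGroupAccess(entity, groupId) {
  const acl = Object.assign({}, entity._acl);      // tolerates a missing _acl
  const groups = Object.assign({}, acl.groups);    // tolerates missing groups
  for (const perm of ["r", "w"]) {
    const current = Array.isArray(groups[perm]) ? groups[perm] : [];
    groups[perm] = current.includes(groupId)
      ? current.slice()
      : current.concat(groupId);
  }
  acl.groups = groups;
  return Object.assign({}, entity, { _acl: acl });
}

// Assumed hook wiring: the entity being saved arrives as request.body and
// response.continue() hands it on to be stored. Doing this server-side means
// the client never needs to know which users are administrators.
function onPreSave(request, response, modules) {
  request.body = grantGroupAccess(request.body, ADMIN_GROUP_ID);
  response.continue();
}

// Constructed sample: a freshly signed-up user whose ACL only names the creator.
const sampleUser = { _id: "user1", username: "user1", _acl: { creator: "user1" } };
const secured = grantGroupAccess(sampleUser, ADMIN_GROUP_ID);
console.log(JSON.stringify(secured._acl));
```

Membership of the administrative group is then managed through the group entity itself, so adding or removing an administrator does not require touching any user's ACL.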