Redirect Notice
As of April 12th, you must go to Progress SupportLink to create new support cases or to access existing cases. Please, bookmark the SupportLink URL and use the new portal to contact the support team.
How can we help you today?
Create an user with admin right that can CRUD the rest of the user in Users collection
4 CommentsSorted by Popular
Gal
said
almost 9 years ago
Hi, one way to achieve this would be to use User Groups (http://devcenter.kinvey.com/rest/guides/users#usergroups) to define an administrative group, and then add this group as reader/writer (under `_acl.groups.r` and `_acl.groups.w`, as seen [here](http://devcenter.kinvey.com/rest/guides/security#entityanduserpermissions)) to each entity, either using your client, or (most likely) through business logic. Using a group rather than a specific admin user would allow you to hard code the group's ID into true client or BL code, while still maintaining flexibility by being able to add/remove users to the administrative group.
Mark Thien
said
almost 9 years ago
Thanks a lot Gal :)
Mark Thien
said
almost 9 years ago
Hi Gal,
The document mentioned that to create a group, use the following:
POST /group/:appKey/ HTTP/1.1
Host: baas.kinvey.com
Authorization: [user credentials]
Content-Type: application/json
{
"_id": "G",
"users": {
"all": "false",
"list": [
{ "_type": "KinveyRef", "_collection": "user", "_id": "1" },
{ "_type": "KinveyRef", "_collection": "user", "_id": "3" },
{ "_type": "KinveyRef", "_collection": "user", "_id": "4" }
]
},
"groups": [
{ "_type": "KinveyRef", "_collection": "group", "_id": "G1" },
{ "_type": "KinveyRef", "_collection": "group", "_id": "G5" }
]
}
I do not understand. if I want to create a group from kinvey web console, how do I do it ? For example, a admin user with _id "**123123123123**", I want to put him under group _id "**admingroup**", how should I do it?
Mark
The document mentioned that to create a group, use the following:
POST /group/:appKey/ HTTP/1.1
Host: baas.kinvey.com
Authorization: [user credentials]
Content-Type: application/json
{
"_id": "G",
"users": {
"all": "false",
"list": [
{ "_type": "KinveyRef", "_collection": "user", "_id": "1" },
{ "_type": "KinveyRef", "_collection": "user", "_id": "3" },
{ "_type": "KinveyRef", "_collection": "user", "_id": "4" }
]
},
"groups": [
{ "_type": "KinveyRef", "_collection": "group", "_id": "G1" },
{ "_type": "KinveyRef", "_collection": "group", "_id": "G5" }
]
}
I do not understand. if I want to create a group from kinvey web console, how do I do it ? For example, a admin user with _id "**123123123123**", I want to put him under group _id "**admingroup**", how should I do it?
Mark
Gal
said
almost 9 years ago
Hi Mark, currently groups can only be managed using the REST API, which means you would need to use the API Console and POST to the path you mentioned above. Groups use [Kinvey References](http://devcenter.kinvey.com/rest/guides/datastore#RelationalData) to link with users and other groups. The request body itself would look something like:
```
{
"_id": "admingroup",
"users": {
"list": [{ "_type": "KinveyRef", "_collection": "user", "_id": "123123123123" }]
}
}
```
```
{
"_id": "admingroup",
"users": {
"list": [{ "_type": "KinveyRef", "_collection": "user", "_id": "123123123123" }]
}
}
```
Mark Thien
I have added a field in Users collection isAdmin to identify that this user is admin. This admin user will have the permission to CRUD the rest of the user. I understand the if this admin user want to CRUD, for example, user1, this user1 acl field need to like follows:
{
"_acl":
{
"creator": "user1",
"r": ["adminuser"],
"w": ["adminuser"]
}
}
So when user1 signup an account, how to I update this acl field on postSave hook as user1 will not know the _id of adminuser ? or is there any better method to accomplish this?
Cheerios,
Mark Thien