Start a new topic

Create an user with admin right that can CRUD the rest of the user in Users collection

Hi guys,

I have added a field in Users collection isAdmin to identify that this user is admin. This admin user will have the permission to CRUD the rest of the user. I understand the if this admin user want to CRUD, for example, user1, this user1 acl field need to like follows:




"creator": "user1",

"r": ["adminuser"],

"w": ["adminuser"]



So when user1 signup an account, how to I update this acl field on postSave hook as user1 will not know the _id of adminuser ? or is there any better method to accomplish this?


Mark Thien

Hi, one way to achieve this would be to use User Groups ( to define an administrative group, and then add this group as reader/writer (under `_acl.groups.r` and `_acl.groups.w`, as seen [here]( to each entity, either using your client, or (most likely) through business logic. Using a group rather than a specific admin user would allow you to hard code the group's ID into true client or BL code, while still maintaining flexibility by being able to add/remove users to the administrative group.
Thanks a lot Gal :)
Hi Gal,

The document mentioned that to create a group, use the following:

POST /group/:appKey/ HTTP/1.1


Authorization: [user credentials]

Content-Type: application/json


"_id": "G",

"users": {

"all": "false",

"list": [

{ "_type": "KinveyRef", "_collection": "user", "_id": "1" },

{ "_type": "KinveyRef", "_collection": "user", "_id": "3" },

{ "_type": "KinveyRef", "_collection": "user", "_id": "4" }



"groups": [

{ "_type": "KinveyRef", "_collection": "group", "_id": "G1" },

{ "_type": "KinveyRef", "_collection": "group", "_id": "G5" }



I do not understand. if I want to create a group from kinvey web console, how do I do it ? For example, a admin user with _id "**123123123123**", I want to put him under group _id "**admingroup**", how should I do it?

Hi Mark, currently groups can only be managed using the REST API, which means you would need to use the API Console and POST to the path you mentioned above. Groups use [Kinvey References]( to link with users and other groups. The request body itself would look something like:



"_id": "admingroup",

"users": {

"list": [{ "_type": "KinveyRef", "_collection": "user", "_id": "123123123123" }]



Login or Signup to post a comment