Access Control list available only for Custom Objects module.
Access control list (ACL) is a list of permissions attached to some object. An ACL specifies which users have access to objects as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. ACL models may be applied to collections of objects as well as to individual entities within the system hierarchy.
Permission schema
QuickBlox Permission schema contains five permissions levels:
- Open (open)
Such permission schema means that any user within the application can access the record/records in the class and is allowed to perform an action with the current permission level. - Owner (owner)
Owner permission level means that only Owner (a user who created a record) is allowed to perform action with the current permission level. - Not allowed (not_allowed)
No one (except for the Account Administrator) can make a chosen action. - Open for groups (open_for_groups)
Users having a specified tag/tags (see more info about how to set tags for the user in this section) will be included in the group that is allowed to perform an action with the current permission level. The current permission level can consist of one or several groups (number of groups is not limited). Tags can be added/deleted in the userβs profile. - Open for user ids (open_for_users_ids)
Only users that are specified in the permission level can make a required action with a record. One or several users can be specified (the number of users is not limited).
Actions available for the entity
- Create
Create a record. - Read
Retrieve and read the info about the chosen record. - Update
Update any parameter for the chosen record (only those parameters that can be set by the user can be updated). - Delete
Delete a record.
Permission levels
There are two access levels in the Permissions schema: Class and Record.
Class entity
Only the Account Administrator can create a class in the Custom object module and make all possible actions with it. Operations with Class entity are not allowed in API.
All actions (Create, Read, Update, and Delete) are available for the class entity and are applicable for all records in the class. Every action has a separate permission level available. The exception is a Create action that is not available for the Owner permission level.
To set a permission schema for the Class, do the following:
- Go to the Custom Objects tab.
- Open a required class.
- Click Edit permissions button to open a class and edit it.
Default Class permission schema is used while creating a class:
- Create: Open
- Read: Open
- Update: Owner
- Delete: Owner
Mark checkboxes to enable class permissions.
Record entity
A record is an entity within the class in the Custom Objects module that has its own permission levels. You can create a record in the Dashboard and API (see the create record request for more details). All permission levels except for the Not Allowed are available for the record and there are only three actions available and applicable for the record: Read, Update, and Delete.
Default Record permission schema is used while creating a class:
- Read: Open
- Update: Owner
- Delete: Owner
To set a permission level open the required Class and click the record to edit it.
Choosing a permission schema
Only one permission level can be applicable to the record: class permission schema or record permission schema. To apply class permission levels to all records in the class tick the checkbox in the Use Class permissions column near the required Action in the Dashboard.
Using a class permission schema means that a record permission schema will not affect a reΡord.
In case, the Admin does not tick the checkbox in the Dashboard a user has a possibility to change permission levels for every separate record in the table or create a new one with the ACL that a user requires.