This is a migrated thread and some comments may be shown as answers.

User permissions for Cloud Functions

1 Answer 20 Views
JavaScript SDK
This is a migrated thread and some comments may be shown as answers.
This question is locked. New answers and comments are not allowed.
Jonathan
Top achievements
Rank 1
Jonathan asked on 27 Aug 2016, 09:00 AM

I have some data for which users can set a flag to specific other users their status. So I have a data type named Availability which contains data for a specific user with a field called contactAvailability which is an array of objects and is read by my app when this users logs in. Now I need other users to be able to update their status in contactAvailability, but from a security POV I want them to be able to update only the object in the array that is relevant for them (so they won't be able to update the status of other users).

To achieve this I though it best to use a Cloud Function. However, I am assuming that a Cloud Function will always run as the user that is logged in when invoking the function right? Is it possible to run it as a user that has access to all objects even when permissions are set to private? If I set the permissions to public then someone can always alter all data from any client right?

Is there another way I can achieve this?

Thanks!

 

1 Answer, 1 is accepted

Sort by
0
Anton Dobrev
Telerik team
answered on 29 Aug 2016, 01:14 PM
Hello,

You may consider using the different flavors of the JS SDK instance as explained here. For the current case it appears that you need the withMasterKey initialization.

Yes, it would be better to keep the permissions over a type as strict as possible and in such cases expose a small portion of functionality when needed over a cloud function.

Also, revise the permissions who is able to contact the cloud function as well.

Hope this helps.

Regards,
Anton Dobrev
Telerik by Progress
 
Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
 
Tags
JavaScript SDK
Asked by
Jonathan
Top achievements
Rank 1
Answers by
Anton Dobrev
Telerik team
Share this question
or