Customizing Access Permissions
Kii Cloud uses scopes to define user permissions to access objects. You can adjust the permissions by customizing an object's ACL (Access Control List).
When a user attempts to access a bucket, KiiObject, and so on, Kii Cloud checks if the user has a permission by using the object's ACL.
An ACL in Kii Cloud is a whitelist that consists of permissions, that is, ACL entries that define who can do what. With the Kii Cloud SDK and REST API, you can add and delete ACL entries.
As with buckets and KiiObjects, topics used with the push notification feature and scopes also have an ACL. You can customize any object's ACL with the Kii Cloud SDK and REST API.
Each object's ACL defines permissions for the following operations:
- Create new buckets in the scope.
- Create new topics in the scope.
- Create new KiiObjects in the bucket.
- Query KiiObjects in the bucket.
- Read KiiObjects in the bucket.
- Drop the bucket along with all KiiObjects inside.
- Read the KiiObject.
- Update and delete the KiiObject.
- Subscribe to the topic.
- Send push messages to the topic.
The permissions can be granted to specific users and groups, anonymous users, authenticated users, and IoT-enabled things.
Access control is important to protect your data.
When you need to customize permissions, for example, to share data with specific users, you can minimize the number of permitted users by using the object's ACL. Even if your mobile app is hacked and attacked, the ACL protects saved data.