Managing Groups

The Kii Cloud SDK provides a way to manage groups of users. With this feature, you can specify access rights by group. For example, you can create data that can be read only by members of a certain group.

Any authenticated users can create a group. Once a group is created, the group owner can add and remove members of the group by default.

Using a group

In order to use a group from the mobile app, create a group (KiiGroup) and add members (KiiUsers) to the group. Members can be also specified when the API to create a group is called.

All logged-in users can create groups.

When a user creates a group, the user becomes the group owner. The owner has administrative rights to perform operations for managing the group, such as adding and deleting members and changing the owner.

Purpose of managing groups

Managing user groups has the following purposes:

  • Structuring links among multiple users

    A KiiGroup object links multiple KiiUser objects in an owner-member relationship; a KiiGroup will have an owner KiiUser and member KiiUser(s). You can model a group of users easily with this structure.

  • Managing shared data

    A group can have its own group-scope bucket for sharing data inside the group. The data inside the group-scope bucket will be treated as the property of the group. The appropriate access control will be automatically set on the data, making it easy to model data shared among multiple users (e.g., photo shared in a private group).

  • Defining access rights

    Make use of groups for access control.

    You can define ACL entries per group when configuring the ACL of buckets and KiiObjects. You can grant or revoke access rights from a group of users who have a specific role by defining ACL entries per group. When the number of users with the role changes, you can thoroughly change the access rights to the target data just by updating the group.

  • Identifying the thing owners

    A group can own a thing and become the owner of the thing. Once the group becomes an owner, all group members will be able to access the data in its thing scope. Suppose that you create a fitness application and this application gathers the data monitored by things (e.g. sensors). If you want to share the data among family members, for example, you can create a group for the family and give the ownership of the things to this group. See Ownership Management for more details on the thing ownership.