Scopes and Access Privileges
Buckets are managed in the three scopes: the application scope, group scope, and user scope.
Buckets in this scope belong to the application. These buckets are suitable for data shared by all the users of the application, such as the highest score of a game and default setting values.
Buckets in this scope belong to a group. These buckets are suitable for data shared by group members, such as data on a bulletin board.
Buckets in this scope belong to a user. These buckets are suitable for data privately owned by a user, such as a user's personal data and setting information.
You can create multiple buckets per user or group instance in each scope. Each bucket can store multiple objects.
In the below example, each user has two buckets,
ViewSettings. Suppose you need to display all the images owned by
Bob James. You can get the data of
Tokyo Sta. and
Maldives by calling the API which lists objects in the
PhotoData bucket of the user
Access to buckets in each scope is determined by the access privileges of the logged-in user.
In the below example, the logged-in user
Bob can access the following data:
Buckets in Bob's user scope
Sales divisionthat Bob belongs to
Buckets in the application scope
Kii Cloud returns an error if Bob attempts to access buckets other than the above.
Buckets and objects have their own ACL (Access Control List) which is a whitelist containing users who can access them. You can change the access rule by updating the ACL.
See Customizing Access Permissions for more information about customizing access privileges.