Group Access Control

To prevent unauthorized operations on groups, such as adding a member to a group, Kii Cloud applies predefined security settings to group actions.

As shown in the table below, logged-in users, group members, and group owners can each perform a different set of actions. For example, non-group members cannot access data in the group scope, and group members cannot remove any group member.

| Action | User not logged in: Anonymous user | User logged in: Non-group member | User logged in: Group member | User logged in: Group owner | Administrator |
|---|---|---|---|---|---|
| Creating a new group | No | Yes | Yes | Yes | Yes |
| Referencing an existing group | No | Yes | Yes | Yes | Yes |
| Accessing data in the group scope *1 | No | No | Yes | Yes | Yes |
| Adding and removing group members | No | No | No | Yes | Yes |
| Changing the group owner | No | No | No | Yes | Yes |

*1 Subject to the ACL settings and the group actions.

If these security settings do not satisfy your service specification, you can customize the access permissions. To do so, use the server code feature to identify the user's role as defined in your service specification, and then perform the group actions with administrative rights.
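One way to structure such a customization, as an added example rather than Kii Cloud's own code: it models the default permissions from the table and a custom check that must pass before anything runs with administrative rights. The "moderator" role, the owner-protection rule, the sample data and all function names are assumptions, and the group is an in-memory stand-in instead of SDK calls.

```javascript
// Added illustration: in-memory stand-ins only, no Kii Cloud SDK calls.
// Built-in roles allowed per action, transcribed from the table above.
const DEFAULT_POLICY = {
  createGroup: ["nonMember", "member", "owner"],
  referenceGroup: ["nonMember", "member", "owner"],
  accessGroupData: ["member", "owner"], // still subject to ACLs (*1)
  changeMembers: ["owner"],
  changeOwner: ["owner"],
};

// Constructed sample data. "moderator" is a hypothetical service-defined role.
function sampleGroup() {
  return { id: "g1", owner: "alice", members: new Set(["alice", "bob", "carol"]) };
}
const MODERATORS = { g1: new Set(["carol"]) };

function builtInRole(group, userId) {
  if (!userId) return "anonymous";
  if (group.owner === userId) return "owner";
  return group.members.has(userId) ? "member" : "nonMember";
}

function allowedByDefault(group, userId, action) {
  const roles = DEFAULT_POLICY[action] || []; // unknown action: deny
  return roles.includes(builtInRole(group, userId));
}

// Custom endpoint logic: moderators may remove members, which the defaults forbid.
// callerId must be the identity bound to the verified access token,
// never a value taken from request parameters.
function removeMemberAsModerator(group, callerId, targetId) {
  const moderators = MODERATORS[group.id] || new Set();
  const authorized = moderators.has(callerId) ||
    allowedByDefault(group, callerId, "changeMembers");
  if (!authorized) return { ok: false, reason: "forbidden" };
  // Assumed service rule: the elevated path can never remove the owner.
  if (targetId === group.owner) return { ok: false, reason: "owner-protected" };
  if (!group.members.has(targetId)) return { ok: false, reason: "not-a-member" };
  // Only past this point would real server code use administrative rights.
  group.members.delete(targetId);
  return { ok: true };
}
```

Because administrative rights bypass the table entirely, the role check and the target validation in the custom function are the only controls left on that path.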

Kii Cloud ensures the security of your service with these access permissions.
These permissions are defined at the system level of Kii Cloud. Unless a user's access token or password is leaked, no unauthorized access is possible even through a direct call to the REST API.


Learn more...

  • For more information about each group action and tips for customizing the access permissions with the server code feature, see "Group Access Control" (Android, iOS, JavaScript, REST) in the programming guides.