Securing Data
You can control access to the application data by using scopes and ACLs (Access Control Lists) in Kii Cloud. With these mechanisms, you can flexibly configure access control according to the requirements of your application.
When an object in Kii Cloud is accessed, its access permission is checked and only permitted users can manipulate the object. You can control access to scopes, buckets, KiiObjects, and push notification topics. You can grant necessary access privileges to users by customizing the ACL (Access Control List) of these objects.
Your own custom access control is set in the following ways.
You select one of the three predefined access control settings (scopes) when you create a new bucket/KiiObject/topic.
- Application scope: The scope for setting the bucket/KiiObject/topic open to all application users.
- Group scope: The scope for setting the bucket/KiiObject/topic open to a certain user group.
- User scope: The scope for setting the bucket/KiiObject/topic open only to a certain user.
Optionally, you can add some white lists (ACL entries) to fine-tune the access control setting.
Although the three scopes provided by the Kii Cloud should cover the most of the application use cases, you may sometimes want to tweak access control further. You can do so by adding one or more ACL entries so as to grant the access to more users and groups.
Customizing access control
You can customize access control for the following four types of objects in Kii Cloud, by getting a list of ACL entries and changing such entries of each object.
Customizing a Scope's ACL (The REST API only)
Who can create a new bucket? Who can create a new topic?
Who can create new data in the bucket? Who can query the data inside the bucket?
Who can read the KiiObject? Who can update and delete the KiiObject?
Who can subscribe to the topic? Who can send messages to the topic?