User Attributes
You can use user attributes to store various user data on Kii Cloud.
User attributes consist of predefined fields and custom fields. These fields are saved per user.
- The purpose of each predefined field has been defined by Kii Cloud. Most of the predefined fields are used for specific features of Kii Cloud such as authentication.
- Custom fields can be freely defined and used for various purposes according to the requirements of your mobile app.
You can use buckets in the user scope to provide a similar capability as custom fields. If you have frequent write accesses, for example, to the game score information, use buckets in the user scope. Buckets in the user scope provide higher performance than custom fields of user attributes.
Accessing user attributes
Only specific types of users can query users and refresh KiiUsers. Allowed actions per user type are as below:
- Anonymous Users: Not logged in users cannot access any user attributes as attempts to query users will cause an error.
- Other Users: A user can only read other user's attributes. Some attributes (e.g. email address, phone number, and custom fields) are readable only when the "Expose Full User Data to Others" option is enabled.
- User Themselves and Admin: A user can freely read and write their attributes. The administrator (i.e. a user with the administrator token) can freely read and write any user's attributes.
The following table summarizes the access limitation:
Anonymous Users | Other Users | User Themselves | Admin | ||
---|---|---|---|---|---|
Querying users Refreshing KiiUser |
Error | Yes | Yes | Yes | |
Reading | Username | Yes | Yes | Yes | |
Display Name Enabled or disabled |
Yes | Yes | Yes | ||
Email Address Phone Number *1 |
Yes *2 | Yes | Yes | ||
Custom Fields | Yes *2 | Yes | Yes | ||
Writing | Username | Error | Yes | Yes | |
Display Name Enabled or disabled |
Error | Yes | Yes | ||
Email Address Phone Number *1 |
Error | Yes | Yes | ||
Custom Fields | Error | Yes | Yes |
*1 These attributes are controlled by the "Expose Full User Data to Others" option
*2 These data will not be retrieved if the "Expose Full User Data to Others" option is disabled.
If you need to modify other user's attributes, you can use the server extension to implement the logic as server code and manually execute the code. This method, however, has a risk of introducing unauthorized accesses to those people who obtain your AppKey and AppID (See Security for more discussion on the access keys and the security risk). The safer method is to create a dedicated user scope bucket for storing the user attributes and set the appropriate ACL. If you want to limit the access to the user attributes to a specific group, for example, you can configure the bucket to make it only accessible to this group members.
Unlike the user attribute, the access to a user-scope buckets and objects can be controlled with the ACL. Even anonymous users can access the user scope buckets and objects if the ACLs are set accordingly. Simply create a KiiUser with the URL, ID or group and access the bucket without refreshing it.