Access to database rows

jwerfel · June 4, 2015, 8:09pm

I have created a database through DreamFactory and I have created a simple UI that allows users to add rows to the database. Through my UI I would like to then be able to show entries the user has added. I know how to do all of this but my concern is, how do I prevent user A from viewing user B’s data? The query from the UI to filter the database results will include the logged in user ID, but anyone could easily see that raw request, change the user ID and be able to view another user ID. Is there some way on the server to restrict the rows in the database a user has access to?

Thank you

jeffreystables · June 4, 2015, 8:23pm

This is easily accomplished with server-side scripting. Here is a thread that covered this topic thoroughly:

And here is another thread with some more details:

And here are some references from our documentation that give you a technical basis for the details:

Topic		Replies	Views
Enduser Authentication - Restriction to sql Data Authentication & Security	1	1684	January 26, 2016
How to implement data access based on a table with user's permissions Authentication & Security	1	5124	October 23, 2014
Record-level security: advanced filters and non-GET requests REST API	2	3606	October 21, 2015
How to prevent User to see the data from other User but stored in the same table? Authentication & Security	1	2487	August 22, 2014
How to allow rest requests only for logged in users Authentication & Security	7	2656	August 21, 2014

Access to database rows

Related Topics