End User Authentication - Restriction to SQL Data


#1

Hello,

I have a web service running where it is possible for end users to sign up.
If they log in, I want the authentication to be done via my DreamFactory instance and the user to be restricted to only his data.

Where does the user data have to be saved?
Do I really have to create a user for each authentication?
But the biggest question is, how do I restrict them to their data? Server-side scripting? Or rather, do I need to do this, or does my web service have to double-check this? (In the future I want more services getting data from this interface.)

Thank you in advance!

Lukas


#2

You’ll have to use Server Side Filters to have Record Level Access control.

When creating your database schema, create one field with type user_id. This will be used to identify the owner of that record.

In the user’s role define an Advanced Filter to filter only the records owned by the user requesting the data.

Take a look at https://github.com/dreamfactorysoftware/dsp-core/wiki/Server-Side-Filters
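The record-level rule described in #2, as an added sketch that is not part of the thread and is not DreamFactory's own code or configuration: the server appends the owner condition from the authenticated session to every read and stamps the owner on every write. The table `notes`, the column name `user_id`, and the function names are assumptions made for the illustration, and the rows are constructed sample data.

```python
import sqlite3

OWNER_COLUMN = "user_id"  # hypothetical name for the owner field
ALLOWED_COLUMNS = {"id", "title", OWNER_COLUMN}

def make_db():
    """Build an in-memory table with constructed sample rows for two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT, user_id INTEGER)")
    db.executemany("INSERT INTO notes (title, user_id) VALUES (?, ?)",
                   [("alice-1", 1), ("alice-2", 1), ("bob-1", 2)])
    return db

def list_records(db, session_user_id, client_filter=None):
    """Return rows matching the client's filter AND owned by the session user."""
    clauses, params = [], []
    for column, value in (client_filter or {}).items():
        if column not in ALLOWED_COLUMNS:  # never interpolate unknown names
            raise ValueError(f"unknown column: {column}")
        clauses.append(f"{column} = ?")
        params.append(value)
    # The owner condition comes from the authenticated session, not the
    # request, and is ANDed in, so the client cannot widen the result set.
    clauses.append(f"{OWNER_COLUMN} = ?")
    params.append(session_user_id)
    sql = ("SELECT id, title, user_id FROM notes WHERE "
           + " AND ".join(clauses) + " ORDER BY id")
    return db.execute(sql, params).fetchall()

def create_record(db, session_user_id, payload):
    """Insert a row; any owner value in the payload is ignored."""
    cur = db.execute("INSERT INTO notes (title, user_id) VALUES (?, ?)",
                     (payload["title"], session_user_id))
    return cur.lastrowid

if __name__ == "__main__":
    db = make_db()
    print(list_records(db, 1))                  # user 1 sees only own rows
    print(list_records(db, 1, {"user_id": 2}))  # asking for user 2's rows
```

Because the owner condition is enforced in one place on the server, additional client services can share the interface without each having to repeat the check.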