Record level access control for roles


#1

Hi

I am using dreamfactory on bluemix and cloudant database as a service in dreamfactory.
I want to setup several roles for my app and give different access controls to different roles. So I’ve been trying to setup record level access control in dreamfactory.

I gave access to a users database to a particular role, and I also allowed only a couple of methods (GET and PATCH). It’s working fine but when I try to add advanced filters, I’m not able to see any difference.

For example every user in the users database must have a property called “org_email”, and only the user whose email on dreamfactory equals “org_email” field in the users database in cloudant should have access to that particular record. So when I log in as a user with that role, and make a GET request to that database, I still see every record in that database.

This is what I did. Please do let me know if there’s anything wrong with it.

Regards,
Chakradhar


#2

Hi Chakr.
I was able to replicate this issue and I think it might be a bug. Checking with our Engineering team.

I also went ahead and tested this in DreamFactory 2.0 and confirmed that it works as expected.


#3

I followed up with Engineering today. This issue is a bug and is resolved in DF 2.0