Enduser Authentication - Restriction to sql Data

lumoe · January 22, 2016, 8:07am

Hello,

i have a webservice running where it is possible for endusers to signup.
If they login i want, that the authentication is done via my dreamfactory instance and the user is restricted to only his data.

Where has the user data to be saved?
Do i really have to create a user for each authentication?
But the biggest question is, how do i restrict them to their data? Server-Side scripting? Respectively do i need to do this or has my webservice to double check this? (In the future i want more services getting data from this interface)

Thank you in advance!

Lukas

Elvis_Fernandes · January 26, 2016, 6:39pm

You’ll have to use Server Side Filters to have Record Level Access control.

When creating your database schema, create one field with type user_id. This will be used to identify the owner of that record.

In the user’s role define an Advanced Filter to filter only the records owned by the user requesting the data.

Take a look at https://github.com/dreamfactorysoftware/dsp-core/wiki/Server-Side-Filters

Topic		Replies	Views
Access to database rows Authentication & Security	1	3559	June 4, 2015
Record-level security: advanced filters and non-GET requests REST API	2	3606	October 21, 2015
Restrict mongoDB data to document's owner Schema & Data	2	2665	March 23, 2016
How to implement data access based on a table with user's permissions Authentication & Security	1	5124	October 23, 2014
How to prevent User to see the data from other User but stored in the same table? Authentication & Security	1	2488	August 22, 2014

Enduser Authentication - Restriction to sql Data

Related Topics