apigeeuser-permissionsusergridapigee-baas

usergrid collection permission not working


I have created user name abcdef and added permission for that user for concerts collection as

enter image description here

When I query for concerts, I expect it to return nothing but it returns all concerts entity. Is there something that I am missing on applying permission

curl -XGET 
http://api.usergrid.com/***/***/concerts?access_token\=YWMt8zqr5FqqEeWmj-Oi1e6IqAAAAU_unlN_XnYvv7TeJszcL1o0cEPNYfmWJIw

Solution

  • Filed under USERGRID-1020


    There are two reasons that might cause this. First, default sandbox permissions may still be set up on your app:

    enter image description here

    You'll need to remove this or set them all to no.


    Second, and more importantly, applying the permissions directly to the user doesn't appear to be working (?!) and I don't know if this is by design or not. To test this, I duplicated your scenario, and am seeing the same result. To work around it (which actually is more of a security best practice anyway) I created a group with the desired permissions and added the user to the group:

    enter image description here enter image description here