I have created user name abcdef
and added permission for that user for concerts
collection as
When I query for concerts, I expect it to return nothing but it returns all concerts entity. Is there something that I am missing on applying permission
curl -XGET
http://api.usergrid.com/***/***/concerts?access_token\=YWMt8zqr5FqqEeWmj-Oi1e6IqAAAAU_unlN_XnYvv7TeJszcL1o0cEPNYfmWJIw
Filed under USERGRID-1020
There are two reasons that might cause this. First, default sandbox permissions may still be set up on your app:
You'll need to remove this or set them all to no
.
Second, and more importantly, applying the permissions directly to the user doesn't appear to be working (?!) and I don't know if this is by design or not. To test this, I duplicated your scenario, and am seeing the same result. To work around it (which actually is more of a security best practice anyway) I created a group with the desired permissions and added the user to the group: