Basic Permissions
CloudBase provides a multi-layered data permission management mechanism to ensure data security while meeting the permission control needs of different business scenarios.
Database read/write operations use the _openid field to determine data ownership.
Permission Management System
CloudBase data permission management includes two levels:
| Permission Type | Control Granularity | Applicable Scenarios | Configuration Complexity |
|---|---|---|---|
| Basic Permission Control | Collection Level | Simple permission requirements | Low |
| Security Rules Permission | Document Level | Complex business logic | High |
Basic Permission Control
Configuration Method
On the CloudBase Console/Document Database/Collection Management page, set corresponding permissions for each collection:
Permission Options
Basic permission control provides four preset permission types, choose based on user identity and data characteristics:
| Permission Type | Applicable Scenarios | Usage Recommendations |
|---|---|---|
| Read all data, modify own data | Public content, such as articles, products | Suitable for content display applications |
| Read and modify own data | Private data, such as user profiles | Suitable for personal information management |
| Read all data, no data modification | Configuration data, such as system settings | Suitable for read-only configuration and reference data |
| No permissions | Sensitive data, such as financial information | Suitable for sensitive data that requires server-side processing |
Security Rules Permission
Security rules permission is the document-level permission control capability provided by CloudBase database, which has higher flexibility and precision compared to basic permission control.
For details, please refer to Database Security Rules Detailed Guide