Basic Permissions
CloudBase provides multi-level storage permission management mechanisms to ensure file security while meeting the permission control needs of different business scenarios.
Cloud storage uses the _openid field as the basis for determining file ownership during read and write operations.
Permission Management System
CloudBase cloud storage permission management consists of two levels:
| Permission Type | Control Granularity | Use Case | Configuration Complexity |
|---|---|---|---|
| Basic Permission Control | Collection level | Simple permission needs | Low |
| Security Rules Permission | Document level | Complex business logic | High |
Basic Permission Control
Configuration Method
On the CloudBase Console/Cloud Storage/Permission Settings page, set the corresponding permissions for cloud storage:
Permission Options
Basic permission control provides four preset permission types, chosen based on user identity and file characteristics:
| Permission Type | Use Case | Recommendation |
|---|---|---|
| All users can read, only creator and admin can write | User comments, public user information | Suitable for content display applications |
| Only creator and admin can read and write | Personal user settings, user order management | Suitable for personal information management |
| All users can read, only admin can write | Product information, etc. | Suitable for read-only configuration and reference data |
| Only admin can read and write | Backend transaction data, etc. | Suitable for sensitive data requiring server-side processing |
Security Rules Permission
Security rules permission is CloudBase database's document-level permission control capability, offering greater flexibility and precision compared to basic permission control.
For details, please refer to Cloud Storage Security Rules