Bucket

In order to fully leverage the power of Kii Cloud, it is important to understand the concept of "buckets". The best way to understand a bucket in this sense is to imagine a virtual bucket floating in Kii Cloud. There can be any number of buckets belonging to the application, a user or a group. They are defined by the developer, and hold all data objects. A great way to understand is to try it yourself! So read on for some examples...

Bucket Names

You can name your Buckets with arbitrary names as long as you follow these rules:

  • You cannot use the following reserved names:
    • users
    • devices
    • internal
  • You cannot use the name that starts with "_" (underscore).

Bucket Scopes

Each bucket has a "scope", which determines to whom the bucket belongs. For example, if a bucket belongs to a specific group, this bucket has "Group Scope" and all the data in this bucket will be kept as long as the group exists in Kii Cloud.

These are the three bucket scopes currently supported by Kii Cloud:

  • Application Scope : The bucket belongs to your application.
  • Group Scope : The bucket belongs to a user group.
  • User Scope : The bucket belongs to a user.

The scope also affects the default access control applied to the data that is created within this bucket. The following table summarizes the bucket scopes and the default permissions granted.

Scope Who can create a new data in the Bucket? Who can query for data in the Bucket? Who can drop the Bucket Who can add ACL entries?
Application - Any authenticated users - Any authenticated users
- Anonymous users
- Any authenticated users Nobody
(The app admin only)
Group - All group members
- The group owner
- The bucket creator
- All group members
- The group creator
- The bucket creator
- The group owner
- The bucket creator
- The group owner
User - The user
- The bucket creator
- The user
- The bucket creator
- The user
- The bucket creator
- The user

In short:

  • Application scope bucket is "open" to all application users. Also, anonymous users will have "read-only" access to the bucket.
  • Group scope bucket is "open" to the group; it grants "read/write" accesses to all group members.
  • User scope bucket is "private" to the user. Only the user can access the bucket.

You can also tweak the access control by adding one or more ACL entries. This will enable you to open more access to the specified users/groups.