Group Access Control
In order to prevent unauthorized access against groups, such as adding a member to a group, Kii Cloud provides group actions with predefined security settings.
As shown in the table below, logged-in users, group members, and group owners can perform different sets of actions. For example, non-group members cannot access data in the group scope and group members cannot remove any group member.
|User not logged in||User logged in||Administrator|
|Anonymous user||Non-group member||Group member||Group owner|
|Creating a new group||No||Yes||Yes|
|Referencing an existing group||No||Yes||Yes||Yes||Yes|
|Accessing data in the group scope *1||No||No||Yes||Yes||Yes|
|Adding and removing group members||No||No||No||Yes||Yes|
|Changing the group owner||No||No||No||Yes||Yes|
*1 Subject to the ACL settings and the group actions.
If these security settings do not satisfy your service specification, you can customize the access permissions. To do so, use the server code feature to identify the user role defined in the service specification and perform group actions with the administrative rights.
Kii Cloud ensures the security of your service with these access permissions. These permissions are defined at the system level of Kii Cloud. Unless a user's access token or password is leaked, no unauthorized access is possible even through a direct call to the REST API.