ACL Field in schemas

When I run find queries or get a single object from any schema I have, I get an ACL field in the response data. Is this normal behavior? Should I consider the ACL field private? Even if I use only a sessionToken in queries, I still get it, so I thought this info in the ACL must be private and accessible only by the server.

Please guide me if I am missing something here.

If you want to adjust the accessible data, you can do it with an afterFind trigger.

Hi @aboozaid, yes, ACLs are included in each response. You can try removing them using afterFind.

However, ACLs are simply a list of role and user IDs. It’s anonymous data, so it’s not a security issue. If you have too many users linked in the ACL, you should consider moving to a parse role and linking the parse role to the object.
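To see what the ACL field in a response actually exposes, here is an added example (not code from the thread or from the Parse project) that classifies each ACL entry as a user ID, a role, or the public `*` entry, and flags objects that list many individual users and would be better served by a role. The sample response, the helper names and the threshold of 3 are assumptions made for illustration.

```javascript
// Added example. Parse returns an ACL as a JSON map whose keys are a user
// objectId, "role:<name>", or "*" (public), each with read/write flags.

const USER_ENTRY_LIMIT = 3; // assumed threshold for "too many users"

// Classify the entries of one ACL map.
function summarizeAcl(acl) {
  const summary = { users: [], roles: [], publicRead: false, publicWrite: false };
  for (const [key, perms] of Object.entries(acl || {})) {
    if (key === '*') {
      summary.publicRead = perms.read === true;
      summary.publicWrite = perms.write === true;
    } else if (key.startsWith('role:')) {
      summary.roles.push(key.slice('role:'.length));
    } else {
      summary.users.push(key); // opaque objectId, no profile data
    }
  }
  // Many per-user entries suggest linking a role to the object instead.
  summary.shouldUseRole = summary.users.length > USER_ENTRY_LIMIT;
  return summary;
}

// Summarize every object in a find response.
function auditResults(results) {
  return results.map((obj) => ({ objectId: obj.objectId, ...summarizeAcl(obj.ACL) }));
}

// Constructed sample of a find response (all IDs are made up).
const sampleResponse = {
  results: [
    { objectId: 'obj0000001', title: 'first',
      ACL: { 'usrAAAAAAA1': { read: true, write: true },
             'role:Moderators': { read: true, write: true },
             '*': { read: true } } },
    { objectId: 'obj0000002', title: 'second',
      ACL: { 'usrAAAAAAA1': { read: true, write: true },
             'usrAAAAAAA2': { read: true },
             'usrAAAAAAA3': { read: true },
             'usrAAAAAAA4': { read: true },
             'usrAAAAAAA5': { read: true } } },
  ],
};

console.log(JSON.stringify(auditResults(sampleResponse.results), null, 2));
```
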