Protected Fields permissions for writing and reading

jd-chaves · June 18, 2020, 7:06am

Hi!

I’m exploring some security features for my app and I was reading about ‘protected fields’. Unfortunately, I didn’t find enough documentation. First of all, can I prevent users from writing a protected field but not for reading it (I read protected fields were extra-security for fetching, so I’m not sure if I can do this)? If so, How can I do this (via Parse REST API preferably)?
I’m using javascript SDK and Parse Server version 3.9.0, in case it matters.

Any help would be appreciated, thanks in advance

uzaysan · June 18, 2020, 7:37am

Do you want maximum security? Or you just want to add extra layer for some objects?

jd-chaves · June 18, 2020, 8:30am

There’s a field (actually, more than one) in my table everybody should be able to read but nobody should be able to write. I would like to implement that without changing my Schemas (I thought creating a class for this fields and adding a pointer to it to the original class but using protected fields seems easier in case they support what I asked)

uzaysan · June 18, 2020, 8:35am

I dont have information about protected fields. But take a look at this article. This is not what you have asked for but no harm to look.

It show securing parse objects. with disabling all permissions for users and handling everything yourself in cloud code via masterKey

jd-chaves · June 20, 2020, 5:26pm

Thanks! I’ll take a look