First off, we are glad you enjoy developing with Parse Server.
> Why are restrictions for ACL etc. so open?
They are “open” because Parse Server wants to be a tool for as many use cases as possible. It is one of the key advantages of Parse Server that many things are rather “open”, which means they are configurable according to your project needs, while some things are rather “closed”, for example when it comes to (login) session security, to take some weight off your shoulders when it comes to security deliberations. You will find out more about it as you discover more of Parse Server.
> It is also possible to restrict the read-permissions to only a role or one user, but this wouldn’t make sense.
It depends on how you set up your permissions. Imagine your newspaper has two different types of articles:
- Articles readable by any user for free
- Articles only readable by users who are paying subscribers
Your free articles have “public” read access in the ACLs. Any new user that signs up can read them without you having to change the article ACLs. Your newspaper grows over time and has an archive of millions of articles. Whenever a user becomes a paying subscriber, you would have to update millions of articles and add that user to the article ACLs to give them read access. That would be inefficient and increase resource costs. Instead, you would add that user to a role called “subscriber”. With just one update, the user has read access to millions of articles that require a subscription, because they all have read access for the role “subscriber” set in their ACLs.
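To make the per-user versus role comparison above concrete, here is an added example that is not part of the post and not Parse Server's own code. It models the ACL JSON that Parse Server stores on each object (`"*"` for public, a user objectId, or `"role:<name>"`, each mapping to `read`/`write` flags) and a simplified read check over it, then counts how many writes each strategy needs on a constructed archive. The `canRead` helper is a reduced re-implementation for illustration (it ignores write permissions and the master key); the user ids, role name and article counts are made up. In the real SDK the same ACLs are built with `acl.setPublicReadAccess(true)`, `acl.setRoleReadAccess('subscriber', true)` and `acl.setReadAccess(user, true)`, and a user joins a role via `role.getUsers().add(user)`.

```javascript
// Added example, not code from the original post or from Parse Server.
// ACL JSON in the shape Parse Server stores it on an object:
//   { "*": { read: true }, "<userObjectId>": { read: true }, "role:subscriber": { read: true } }

// Free article: readable by everyone, no write access for anyone but the master key.
function aclWithPublicRead() {
  return { '*': { read: true } };
}

// Premium article: readable only by members of the given role.
function aclWithRoleRead(roleName) {
  return { [`role:${roleName}`]: { read: true } };
}

// Per-user grant: returns a copy of the ACL with an explicit read entry for one user.
function aclWithUserRead(acl, userId) {
  return { ...acl, [userId]: { ...(acl[userId] || {}), read: true } };
}

// Simplified read check mirroring the ACL semantics described in the post:
// public read, an explicit entry for the user, or an entry for any role the user holds.
// Write flags and master-key bypass are deliberately left out.
function canRead(acl, userId, userRoles) {
  if (!acl) return true; // an object without an ACL is publicly readable
  if (acl['*'] && acl['*'].read) return true;
  if (userId && acl[userId] && acl[userId].read) return true;
  for (const role of userRoles) {
    const entry = acl[`role:${role}`];
    if (entry && entry.read) return true;
  }
  return false;
}

// Constructed archive: odd-numbered articles are premium (role-gated), even ones are free.
function buildArchive(count, roleName) {
  const articles = [];
  for (let i = 0; i < count; i++) {
    const premium = i % 2 === 1;
    articles.push({
      id: `article${i}`,
      premium,
      ACL: premium ? aclWithRoleRead(roleName) : aclWithPublicRead(),
    });
  }
  return articles;
}

// Strategy 1: grant per user. Every premium article's ACL must be rewritten.
// Returns the number of object writes performed.
function grantPerUser(articles, userId) {
  let writes = 0;
  for (const a of articles) {
    if (a.premium) {
      a.ACL = aclWithUserRead(a.ACL, userId);
      writes++;
    }
  }
  return writes;
}

// Strategy 2: grant via role. One write, to the role's users relation.
// roleMembers is a hypothetical stand-in for the _Role class' users relation.
function grantViaRole(roleMembers, roleName, userId) {
  if (!roleMembers[roleName]) roleMembers[roleName] = new Set();
  roleMembers[roleName].add(userId);
  return 1;
}

// How many articles can this user read, given the role memberships?
function readableCount(articles, userId, roleMembers) {
  const roles = Object.keys(roleMembers).filter((r) => roleMembers[r].has(userId));
  return articles.filter((a) => canRead(a.ACL, userId, roles)).length;
}

// Usage: an anonymous visitor sees only the free half; one role write unlocks the rest.
const archive = buildArchive(1000, 'subscriber');
const roleMembers = {};
const before = readableCount(archive, 'user1', roleMembers);   // 500
grantViaRole(roleMembers, 'subscriber', 'user1');              // 1 write
const after = readableCount(archive, 'user1', roleMembers);    // 1000
```

The per-user strategy needs as many writes as there are premium articles (and, with real Parse objects, an `ACL` field that grows with every subscriber), while the role strategy touches one relation regardless of archive size. Note also that a user who is later removed from the role loses access to every role-gated article at once, which is the same single-write property in reverse.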