Kii Cloud allow you to customize access control for the following items:
- Bucket (who can create new objects/files in the bucket?, who can query the objects/files inside the bucket?)
- Object/File (who can read and/or write the object/file?)
- Topic (who can subscribe the topic? who can send messages to the topic?)
Setting your own custom access control is very easy. Please take the following steps:
Step1: Select one of the three predefined access control settings
Kii Cloud offers the following three settings (named "scope") for you to select.
-
Application scope: This will make the item basically open to all application users. For example, all application user will be able to read/write an application-scope bucket.
-
Group scope: This will make the item open for a certain user group. For example, only group members will be able to subscribe and send messages to a group-scope topic.
-
User scope: This will make the item open only to a certain user. For example, only the user can access a user-scope object.
Step2: Fine-tune access control by adding ACL entries
You can add some ACL entries to open up the access so as to accommodate your needs. An ACL entry defines "which action" is to be granted to "who". When defining "who", you can specify a user, a group, "all authenticated app users", or "any users (i.e. anonymous users)".
Example:
Start with a user-scope bucket to store some private data. Later add an ACL entry to allow your friends to query the bucket so as to start sharing your data.
Another example:
Start with an group-scope topic. Add an ACL entry to allow all authenticated app users to subscribe the topic and view the push messages in order to make all conversations open (while letting only the group members to send messages).