Permission
Overview
Deskree Permissions are powerful tools that allow you to define the rules for accessing your database and integrations data by API endpoint. There are separate permissions you can setup by each DB table or integration.
To provide for even more flexibility, you can create your own custom Roles and use them as an additional Permission type.
Note that by default all permissions are set to Public. Meaning that they are accessible via API without user Authentication.
Permission types
There are 4 Permission types you can use on the platform:
1. Public
Endpoints with permission type set to public are available for anyone to access without providing an authorization header.
Having endpoints permissions set to public means that anybody on the internet can access that endpoint.
2. Private
Only registered users of the platform can access endpoints set to this type by providing a valid authorization header. You can learn more on the Authorization page.
3. Admin
To get Admin Token, visit the Access Token page inside the Settings of your project. Learn more about Admin Token by visiting the Admin Token page.
If an endpoint has permission set to "admin", it means it will only be accessible when a valid deskree-admin token is provided in the header of the request.
Deskree Admin Token allows skipping all the set permission. This is a great tool when you want endpoints to be only accessed from a specific front-end implementation, such as admin panels.
Few important considerations:
The system does not track the author's property when using an admin token.
You can use Admin permission as a way to "disable" certain endpoints and make them inaccessible to anyone other than yourself or your Deskree teammates.
You can provide a Deskree Admin token regardless of the permissions set by an endpoint to completely skip the middleware part. In the other words, it overwrites the permissions.\
Always keep your Deskree Admin token secure as it is a very powerful token that may allow unwanted access to your data if compromised. If you believe that is the case, you can always refresh your token.
4. Custom Roles
To access endpoints where permission is set for certain roles, a user must have this role when making the request. For a more detailed explanation please visit Roles page.
You can add an unlimited number of roles in the Roles tab of the Middleware page
Batch update
You can customize each individual endpoint permission as well as apply the same permission to all endpoints via Apply batch permissions to all the selector in the top right corner of the page.
Search bar
Search bar can be found in the top right corner. On the Database page by typing key words you can navigate directly to the table you are looking to update permissions for.
On Integrations page, by typing the key word (for example, part of the endpoint's URL) you can quickly find the one you are looking for.
Summary
Here is a quick summary of each Permission type requriements;
| Info | Public | Private | Admin | Roles |
|---|---|---|---|---|
Authorization Header Required | ||||
Available for Database APIs | ||||
Available for Integrations APIs | ||||
Admin token required |
Last updated
