Data Access Control Management
CloudBase MySQL database layer supports configuring basic data permissions, which are divided into basic permissions and role permissions.
Database read/write operations use the _openid field to determine data ownership.
Basic Access Control
Data permissions for all users can be set
| Permission Type | Applicable Scenarios |
|---|---|
| Read all data, modify own data | Public content, such as articles, products |
| Read and modify own data | Private data, such as user profiles |
| Read all data, cannot modify data | Configuration data, such as system settings |
| No access | Sensitive data, such as financial information |
Role-based Permissions
Basic permissions can be individually configured for anonymous users, external users, and internal users.
| Role Type | Description |
|---|---|
| Anonymous User | Users who log in anonymously |
| External User | Users who register and log in non-anonymously |
| Internal User | Users created by the administrator via the cloud console / OpenAPI / enterprise identity sources |
Tip
If you wish to implement more granular permission control on data, please refer to Data Model Management for Data Permissions