Do I have to change DB permissions?

theclicksapps · April 13, 2022, 5:49am

Hi
I recently received an email regarding the permissions I gave to my collections. They are open to everyone because I made API that read and write to them from a mobile app.

I want to know, do the permissions have to be changed or is it just a recommendation?

(BTW, is there a way to reach the data as an admin / collaborators without signing in? such wix api? then I can change the permissions and still let access to anyone who came through my app, I validate it with password I send and check)

J.D · April 14, 2022, 1:57pm

It depends on the collection contents. If it’s sensitive/private info you should restrict it.
Anyway, if you wish to bypass the permission (which is only possible from backend functions including http-functions) all you need to do id to add {suppressAuth: true} options:

query.find({suppressAuth: true})

wixData.get('Collection', id, {suppressAuth: true})

wixData.update('Collection', item, {suppressAuth: true})

etc…

theclicksapps · April 15, 2022, 7:15am

tnx a lot!

Topic		Replies	Views
How to change permissions for external database collection? Ask the community code , question	10	501	May 27, 2023
Database collection permissions question Ask the community code , question	11	2120	August 15, 2018
Security in databases Ask the community code , question	5	993	June 12, 2018
HELP - I'm Stuck On Database Permissions Issue Ask the community code , question	4	144	July 30, 2018
PrivateMembersData read permissions changed by itself to "Admin" Ask the community code , question	10	494	December 20, 2019

Do I have to change DB permissions?

Related topics