CloudKit安全角色和权限如何工作? [英] How do the CloudKit security roles and permissions work?

问题描述

CloudKit中有三个默认的安全角色:

There are three default security roles in CloudKit:

• 世界
• 已认证
• 创作者

• World
• Authenticated
• Creator

三个权限:

• 创建
• 阅读
• 写

• Create
• Read
• Write

这些安全角色和权限如何工作?

How do these security roles and permissions work?

以下是一些我希望通过解释安全角色得到解答的问题的例子:

Here are examples of some of the questions I would hope get answered by an explanation of security roles:

• 这三个角色是什么意思?前两个似乎很明显，但最后一个似乎不太明显.例如.创造者是指表的创造者还是记录的创造者?
• 删除权限应归于何处?写吗?
• 可以将安全角色应用于单个记录吗? (例如，我希望用户只能访问InstantMessages表中的记录的子集:它们发送的记录和接收的记录.可以通过安全角色来完成这种性质的操作吗?)
• 是否继承了权限? (例如，创建者是否获得了创建者授予的所有权限，已验证的身份和世界权限?)
• 权限纯粹是可加的吗?或者我可以创建一个自定义角色来删除特权，而不是添加特权吗? (例如，为了创建被禁用户"安全角色.)
• 如何为用户设置角色?我可以为创建的每个用户设置默认角色吗?我可以通过编程方式更改用户的角色吗?
• 如何创建新的安全角色?我可以通过编程方式创建/更新它们吗?

• What do the three roles mean? The first two seem obvious, but the last one seems less so. E.g. does Creator refer to the creator of the table, or the creator of a record?
• Where would the deletion permission fall under? Write?
• Can security roles be applied to individual records? (E.g. I want a user to have access to only a subset of the records in the InstantMessages table: the ones they send, and the ones they receive. Can something of this nature be done via security roles?)
• Are permissions inherited? (E.g. Does the creator get all permissions granted from creator, authenticated, and world?)
• Are permissions purely additive? Or can I create a custom role that will remove privileges rather than add them? (E.g. in order to create a "Banned User" security role.)
• How do I set the role on a user? Can I set a default role for every user that is created? Can I change a user's role programmatically?
• How do I create new security roles? Can I create/update them programmatically?

推荐答案

1)这些安全角色和权限如何工作?您将它们设置在开发环境中的仪表板上.

1) How do these security roles and permissions work? You set them on the dashboard in the Development environment.

2)这三个角色是什么意思?前两个似乎很明显，但最后一个似乎不太明显.例如.创建者是指表的创建者还是记录的创建者? -记录的创建者(这意味着使用相同的iCloud帐户访问CloudKit的所有设备)

2) What do the three roles mean? The first two seem obvious, but the last one seems less so. E.g. does Creator refer to the creator of the table, or the creator of a record? - Creator of the record (and that means all devices that access CloudKit with the same iCloud Account)

3)删除许可将归于何处?写?是的

3) Where would the deletion permission fall under? Write? YES

4)可以将安全角色应用于单个记录吗?否

4) Can security roles be applied to individual records? NO

5)(例如，我希望用户只能访问InstantMessages表中的记录的子集:它们发送的记录和接收的记录.可以通过安全角色来完成这种性质的操作吗?) 访问"是什么意思?用户只能阅读您的应用允许他们阅读且具有阅读权限的内容.用户只能创建或写入(和删除)您的应用允许他们创建或修改(和删除)的记录，以及他们具有创建或写入权限的记录-两者都需要.

5) (E.g. I want a user to have access to only a subset of the records in the InstantMessages table: the ones they send, and the ones they receive. Can something of this nature be done via security roles?) What does 'access' mean? A user can only read things that your app allows them to read and that they have read permission. A user can only create or write (and delete) records that your app lets them create or modify (and delete) and that they have create or write permission - it takes both.

6)权限是否被继承? (例如，创建者是否获得了创建者授予的所有权限，已验证的身份和世界权限?)角色是另一个角色的子集-创建者是已验证的子集.身份验证是世界的子集.

6) Are permissions inherited? (E.g. Does the creator get all permissions granted from creator, authenticated, and world?) Roles are subsets of the other - a creator is a subset of authenticated. authenticated is a subset of world.

7)是权限....以编程方式进行?权限进入广泛的类别创建者"已认证"世界"，因此您不能按用户设置许可(除了创建记录的用户是唯一的创建者).

7) Are permissions....programmatically? Permissions go to the broad class "creator" "authenticated" "world" so you can't set permission user-by-user (except that the user who creates a record is the only creator).

但是，所有这些操作的关键是要记住，您的应用程序代码需要授予对记录的创建/读取/写入权限，并且特定用户必须具有该权限.因此，您可以在代码中做任何您想做的事情，以允许任何人做任何事情-前提是您授予了认证"了写"的权利

But key to all of this is to remember that it takes your apps code to grant create/read/write to a record AND the particular user must have that permission. So you can do anything you want in code to allow anyone to do anything - provided you granted "Authenticated" the right to "write"

这篇关于CloudKit安全角色和权限如何工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！