This article describes several real-world security scenarios and suggests how to easily handle them in the context of the Telerik Platform access control.
It is a common scenario that certain parts of the app are available only to paying customers. If those parts expose some data, you must make sure that the same data is not accessible to non-paying customers.
With Telerik Platform this is easily achieved using roles. By default, newly registered users are in the Registered role. Make sure this role has no permissions on the data you want to protect. You can then create a role called Premium and give it the additional permissions. The only thing left to do is update the user's role when you confirm the purchase.
With social apps becoming more and more popular, you will frequently need to let customers of your app share data with each other. This is easily done with Telerik Platform.
You just need to set the content type's security policy to Private, so that only owners have access to their items. Then, when someone wants to share an item with certain users, you add those users to the item's list of users allowed to read it (the UsersCanRead array). If you want to share an item with everyone, you can also set this at item level (the EveryoneCanRead flag).
Using the Telerik Platform security system you can easily enable collaboration scenarios in your app. For example, you could have multiple users working on the same data, while also selecting other users who cannot edit or delete the data but can make notes.
For the data that must be editable by multiple users and read-only for others, create the content types with the Private security policy. Then add the users who must be able to edit to both UsersCanUpdate and UsersCanRead.
The other group of users, who should see the data as read-only, you add to the UsersCanRead list only. You can then add another content type for the notes, where all collaborators have write access.
It is often the case that you need to present data which is not entered by users but is filled in from some other source. It could be imported automatically from an online source, or entered using an admin tool you created for your app. You do not want to allow users to enter data from within your mobile app, only to read it. Still, you want to be able to enter the data yourself.
To implement this, set the security policy to Read-only. This means that no one can create new items or edit or delete existing ones. The only way to enter data into such a content type is by using the app's Master Key. Use it when entering the data: in your custom admin tool, or supplied to the automated data import procedure.
In some cases you have data that is related to the application but should not be visible to anyone except you, the owner of the app. This could be error logs, usage statistics, etc.
To achieve this, set the security policy of the content type to Custom and then deny all permissions on all roles. Even if you create new content types or new roles later, they will automatically be denied access on all types.
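The following is an added example, not Telerik Platform SDK code: a small offline model of the access rules the five scenarios above rely on (the Private, Read-only and Custom policies, the item-level UsersCanRead, UsersCanUpdate and EveryoneCanRead fields, and the Master Key), so you can check what a given user is allowed to do before shipping a role or sharing design. The Owner field, the masterKey principal, the role-to-actions table used for Custom, and the rule that Private lets anyone create their own items are assumptions of this model.

```javascript
// Added example: models the Telerik Platform access rules described in the article.
// Field names UsersCanRead / UsersCanUpdate / EveryoneCanRead come from the article;
// Owner, masterKey, rolePermissions and the Private create rule are assumptions.
const POLICIES = new Set(["Private", "Read-only", "Custom"]);

// principal:   { userId, role } for an app user, or { masterKey: true } for the Master Key
// contentType: { policy, rolePermissions? } where rolePermissions (Custom policy)
//              maps role name -> Set of allowed actions; unlisted roles are denied
// item:        { Owner, UsersCanRead, UsersCanUpdate, EveryoneCanRead }
// action:      "read" | "update" | "create" | "delete"
function canAccess(principal, contentType, item, action) {
  if (!POLICIES.has(contentType.policy)) throw new Error(`unknown policy ${contentType.policy}`);
  if (principal.masterKey) return true; // Master Key bypasses every policy (how Read-only types get data)
  switch (contentType.policy) {
    case "Read-only":
      return action === "read"; // nobody creates, edits or deletes through the app
    case "Custom": {
      const allowed = (contentType.rolePermissions || {})[principal.role];
      return Boolean(allowed && allowed.has(action)); // deny-by-default for unknown roles
    }
    case "Private":
      if (action === "create") return true; // assumption: users may add their own items
      if (item.Owner === principal.userId) return true; // owners keep full access
      if (action === "read") {
        return item.EveryoneCanRead === true || (item.UsersCanRead || []).includes(principal.userId);
      }
      if (action === "update") return (item.UsersCanUpdate || []).includes(principal.userId);
      return false; // delete stays owner-only (assumption)
  }
}

// Sharing scenario: return a copy of the item with `userId` granted read access.
function shareWith(item, userId) {
  const readers = new Set(item.UsersCanRead || []);
  readers.add(userId);
  return { ...item, UsersCanRead: [...readers] };
}

// Collaboration scenario: editors need both UsersCanUpdate and UsersCanRead.
function addEditor(item, userId) {
  const shared = shareWith(item, userId);
  const editors = new Set(shared.UsersCanUpdate || []);
  editors.add(userId);
  return { ...shared, UsersCanUpdate: [...editors] };
}

// Constructed sample: a Premium-only Custom type and a Private item owned by "alice".
const premiumOnly = { policy: "Custom", rolePermissions: { Premium: new Set(["read"]) } };
const aliceItem = { Owner: "alice", UsersCanRead: [], UsersCanUpdate: [], EveryoneCanRead: false };
```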