Discussions

Expand all | Collapse all

Does Add Record API Can add record in table if we remove add Permission from View For Role

  • 1.  Does Add Record API Can add record in table if we remove add Permission from View For Role

    Posted 22 days ago

    Hi, Can somebody help me here

    My question is :
    Does Add Record API Can add record in table if we remove add Permission from View For a particular Role like Customer. For example like I removed record add permission for a table "Table - A" and I have written some JavaScript in which I am calling add record API on button click and I am logged in as a customer role, but I am not able to add the record.    

    Any help will appreciated. Thanks



    ------------------------------
    Abhishek Kumar
    ------------------------------


  • 2.  RE: Does Add Record API Can add record in table if we remove add Permission from View For Role

    Posted 22 days ago
    If you present a button to a user to do an Add Record API, it will operate on the permissions of the user. if the user does not have permissions to add record, then the API will fail. Note that hiding the Add Record button in the User Interface setting is different from Roles permission to Add Record.

    ------------------------------
    Mark Shnier (YQC)
    Quick Base Solution Provider
    Your Quick Base Coach
    http://QuickBaseCoach.com
    mark.shnier@gmail.com
    ------------------------------



  • 3.  RE: Does Add Record API Can add record in table if we remove add Permission from View For Role

    Posted 22 days ago

    Hey Mark,

    Thanks for your quick reply. Just for clarification It does not mean what user token we are using in API call, It will operate as per login user role. Am I understanding right. 

    For example like : The user token using in API call who has admin permission but I am logged in as Customer role and clicking a button to run that JavaScript. As per your statement this will fail because Quick Base operate on permission of logged in User.

    Please correct me If I am wrong. Thanks. 



    ------------------------------
    Abhishek Kumar
    ------------------------------



  • 4.  RE: Does Add Record API Can add record in table if we remove add Permission from View For Role

    Posted 22 days ago
    No, if you include a <user token> that that will be the Permission that the API will operate under so in fact the API will succeed.

    ------------------------------
    Mark Shnier (YQC)
    Quick Base Solution Provider
    Your Quick Base Coach
    http://QuickBaseCoach.com
    mark.shnier@gmail.com
    ------------------------------



  • 5.  RE: Does Add Record API Can add record in table if we remove add Permission from View For Role

    Posted 22 days ago
    Be very careful including user tokens in JavaScript or API buttons. If a user were to extract that administrative user token they could then do any call they wanted, up to the limit of the permissions associated with that user token.

    It isn't a common thing to have happen because it takes a pretty knowledgeable user but the possibility is there.