Export (0) Print
Expand All

Permissions

Updated: April 15, 2014

Microsoft Azure Mobile Services enables you to set the following permissions on specific table operations (insert, read, update and delete) and specific custom API request methods (GET, POST, PUT, PATCH, and DELETE):

  • Everyone: This means that any request is accepted. This option leaves the specific resource wide-open for everyone to access.

  • Anybody with the Application Key: The application key is required to access the requested resources.

    securitySecurity Note
    The application key is distributed with the application. Because this key is not securely distributed, it cannot be considered a security token. To secure access to your mobile service data, you must instead authenticate users before accessing.

  • Only Authenticated Users: Only authenticated users are permitted to access the requested resources. Server-side code can be used to further restrict access to tables based on an authenticated user.

  • Only Scripts and Admins: The service master key is required to access the requested resources. This limits access to code running on the service and administrator accounts, which includes the Microsoft Azure Management Portal.

In a JavaScript backend mobile service, these permissions are set in the Management Portal. In a .NET backend mobile service, permissions are set by applying the AuthorizationLevel attribute at either the method or the class level.

For examples of setting permissions for table operations, see Get started with users (Windows Store C# / Windows Store JavaScript / Windows Phone / iOS / Android / HTML). For an example of setting permissions for custom API request methods, see Define a custom API that supports pull notifications (Windows Store C# / Windows Store JavaScript).

Show:
© 2014 Microsoft