Updated: June 16, 2015
Microsoft Azure Mobile Services enables you to set the following permissions on specific table operations (insert, read, update and delete) and specific custom API request methods (GET, POST, PUT, PATCH, and DELETE):
Everyone: This means that any request is accepted. This option leaves the specific resource wide-open for everyone to access.
Anybody with the Application Key: The application key is required to access the requested resources.
The application key is distributed with the application. Because this key is not securely distributed, it cannot be considered a security token. To secure access to your mobile service data, you must instead authenticate users before accessing.
Only Authenticated Users: Only authenticated users are permitted to access the requested resources. Server-side code can be used to further restrict access to tables based on an authenticated user.
Only Scripts and Admins: The service master key is required to access the requested resources. This limits access to code running on the service and administrator accounts, which includes the Microsoft Azure Management Portal.