
Security Examples

The following examples show how row-level permissions are defined and how to verify what they actually do. Browse them to get the basic idea.

Prerequisite: You have a good understanding of Authentication and Authorization.

Complex Permission Predicates

In the following security example, we ensure that Guests (users authorized for the Guest role) do not see orders for secret parts such as Stealth Bolts. The Guest role's Permission on the orders table carries a predicate that is applied to every read of that table; here the predicate is a subquery (uncorrelated, since it references no column of the outer row) that lists the orders containing a secret product and excludes them:
ident not in (
  select _o.ident from orders _o
    left join lineitems _l on _l.order_ident = _o.ident
    left join products _p on _p.name = _l.product_name
  where _p.is_secret = true)

Note that the where clause on _p.is_secret turns the left joins into inner joins in effect: only orders that have at least one line item for a secret product end up in the excluded list, so an order with no line items at all remains visible.

For more information about defining role permissions, see Roles.

Assign Globals

Each general User is assigned the General Role, which filters orders by their amount. The exact amount for each user is specified by a global value referenced from the predicate. Assigning a per-user global and using it to restrict rows is a common pattern, as shown in the Demo API Security.

In this example, the auth token defines a global value maxAmount. The user is assigned to the General User Role, which specifies the following Permission for the orders table. Because the global is part of the auth token's definition rather than a request parameter, the limit is set by whoever issues the token, not by the caller.

For more information about auth token globals, see Authorization.

Observe the use of the maxAmount Global value that we defined. The following image shows the Manage, Roles, Permissions page:
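The following script is an added example that is not code from this page or from API Creator; it applies the two predicates described above the way a row-level Permission is applied, by appending them to the WHERE clause of a read of the orders table, against a small constructed SQLite schema. The Guest predicate is the one from the previous section (with `= true` written as `= 1`, since SQLite has no boolean type) alongside a correlated NOT EXISTS rewrite of it; the General predicate's `:maxAmount` is an assumed placeholder, because the real predicate is shown only in the image above and the syntax API Creator uses to reference a global is not reproduced here.

```python
import sqlite3

# Constructed sample schema and rows; not the Demo API's data.
SCHEMA = """
create table orders   (ident integer primary key, customer text, amount_total real);
create table products (name text primary key, is_secret integer not null default 0);
create table lineitems(ident integer primary key,
                       order_ident integer references orders(ident),
                       product_name text references products(name),
                       qty integer);
"""
ROWS = """
insert into products values ('Hammer', 0), ('Stealth Bolt', 1), ('Wrench', 0);
insert into orders values (1, 'Alice', 120.0), (2, 'Bob', 4500.0),
                          (3, 'Carol', 80.0),  (4, 'Dave', 9000.0);
insert into lineitems values (10, 1, 'Hammer', 2), (11, 2, 'Stealth Bolt', 1),
                             (12, 2, 'Wrench', 3), (13, 3, 'Wrench', 1);
-- order 4 deliberately has no line items
"""

# Guest-role predicate from the page; `= true` becomes `= 1` for SQLite.
GUEST_PREDICATE = """ident not in (
  select _o.ident from orders _o
    left join lineitems _l on _l.order_ident = _o.ident
    left join products _p on _p.name = _l.product_name
  where _p.is_secret = 1)"""

# Equivalent correlated form. NOT IN yields no rows at all if the list contains
# a NULL; anchoring the subquery to the outer row with NOT EXISTS avoids that
# class of surprise and reads as "no secret line item belongs to this order".
GUEST_PREDICATE_EXISTS = """not exists (
  select 1 from lineitems _l
    join products _p on _p.name = _l.product_name
  where _l.order_ident = orders.ident and _p.is_secret = 1)"""

# General-role predicate bounded by a per-user global. ":maxAmount" is a
# hypothetical placeholder for the global reference; the value is bound as a
# query parameter, never spliced into the SQL text.
GENERAL_PREDICATE = "amount_total <= :maxAmount"


def open_db():
    """Return an in-memory database loaded with the constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA + ROWS)
    return con


def visible_orders(con, predicate, globals_=None):
    """Read orders as a user whose role carries `predicate`.

    The predicate is administrator-defined configuration, so it is placed into
    the statement text; only the global's value is data and is passed as a
    bound parameter.
    """
    sql = f"select ident from orders where {predicate} order by ident"
    return [row[0] for row in con.execute(sql, globals_ or {})]


if __name__ == "__main__":
    db = open_db()
    print("Guest sees:", visible_orders(db, GUEST_PREDICATE))                      # [1, 3, 4]
    print("Guest (NOT EXISTS) sees:", visible_orders(db, GUEST_PREDICATE_EXISTS))  # [1, 3, 4]
    print("General, maxAmount=1000:",
          visible_orders(db, GENERAL_PREDICATE, {"maxAmount": 1000}))             # [1, 3]
    print("General, maxAmount=5000:",
          visible_orders(db, GENERAL_PREDICATE, {"maxAmount": 5000}))             # [1, 2, 3]
```

Order 2 disappears for the Guest because it contains a Stealth Bolt, while order 4, which has no line items, stays visible under both forms of the predicate. For the General role, changing only the bound global changes which rows come back, which is exactly the per-user effect the auth token global provides.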

Verify SQL with REST Lab

Verify that the permission behaves as intended by combining logging with the REST Lab, so that you see both the filtered result and the SQL that produced it:

  1. Define the auth token with the following (typical) Logging settings. The following image shows the Manage, Auth Tokens, Logging tab:
  2. Issue a Get request for Orders using the REST Lab with this auth token.
The response shows the filtered result, and the log shows the actual generated SQL, including the predicate that was appended to the read.