Support please create a Account without a session token ,and check who is the owner,,if we create A object without Any token then the Admin on the object will “Database Admin ”,
my question is ,if i create a object without any token then which token will use to give permission…..
I see you deleted this but I will answer anyway for the benefit of the community.
When data is created anonymously, it is assigned to the
System Admin which created the instance from the Hypi UI. This user is kind of a super-admin.
There are many reasons why the anonymous user’s data is assigned to the system admin but probably the main one is that there is no reliable way to distinguish between two anonymous users. The platform cannot tell the difference between two of your anonymous users when you make an API request and so all anonymous requests are treated the same and the “Account” performing the operation has id
We do not assign the data created by anonymous because if anonymous user 1 makes a request to create some data and anonymous user 2 makes another request to create their own data, then both would be able to see and manipulate each others data without limits.
The platform assigns all data created anonymously to the user that created the Hypi instance i.e. the super admin.
and if my login token is working to give Account permission then why login token is not working to give phone permission..
Because when an account is created it is handled specially, the
hypi.createdBy field is set to the ID of the account that is about to be created rather than the ID of the account making the request.
I believe I understand your issue now as a result of this last message.
First, you are using the
upsert function to create an
Account. As I mentioned in your previous threads you should use the
I believe your issue is that the special handling of the account assigns the owner of the account to be itself but does not assign the owner of the
Phone or any other data created anonymously to the new account being created.
I believe this is a bug and have raised an issue for our engineers to investigate and fix. I’ll report back here with an ETA for a path which resolves this or an update if this is the intended behaviour.