Access Control Rules (deprecated)

Access Control Rules have been deprecated

Please use Data Rules instead.

Data access control rules are currently only available for customers on the Enterprise plan.

By default, applications in JourneyApps work on a single-tenant model, where every authenticated user has access to all data in the application. Even if the user may not have the ability to use the application to access data, the REST APIs expose access to all data in the deployment by default.

Two types of access control rules are available: global rules and user-specific rules.

Global access control rules

These configure whether users can read or write specific models, regardless of the attributes in the model.

Example:

<!-- product_categories can be read by any user, but not modified -->
<access model="product_categories" restrict-to="read" />

User-specific access control rules

These rules restrict read or write access on a model to specific "owning" users.

In this case, an explicit has-many relationship is required between the user and the objects that the user is authorized to access.

Example:

<!-- Users can only read and write their own tasks. -->
<access model="task" via="user.tasks" />
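
Because a model without a rule keeps the default described above (every authenticated user can reach it through the REST APIs), it helps to audit which models a rule set leaves uncovered. The following is an added example, not JourneyApps code: it classifies each model by the `restrict-to` and `via` attributes shown on this page. The `<rules>` wrapper element, the model list and the `invoice` model are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two rules from this page, wrapped in a hypothetical
# <rules> root element so the fragment parses as a single XML document.
RULES_XML = """
<rules>
  <!-- product_categories can be read by any user, but not modified -->
  <access model="product_categories" restrict-to="read" />
  <!-- Users can only read and write their own tasks. -->
  <access model="task" via="user.tasks" />
</rules>
"""

# Constructed list of model names in the application's data model (assumption).
MODELS = ["user", "task", "product_categories", "invoice"]
DEFAULT = "unrestricted (default)"


def classify_models(rules_xml, models):
    """Return ({model: [posture, ...]}, [rule targets missing from models])."""
    rules = {}
    for el in ET.fromstring(rules_xml).iter("access"):
        rules.setdefault(el.get("model"), []).append(el)

    report = {}
    for model in models:
        postures = []
        for el in rules.get(model, []):
            if el.get("via"):
                # User-specific rule: access only through the has-many
                # relationship named in `via`.
                postures.append("owner-only via " + el.get("via"))
            elif el.get("restrict-to"):
                # Global rule: the same restriction applies to every user.
                postures.append("global " + el.get("restrict-to") + "-only")
            else:
                postures.append("rule without via or restrict-to")
        # No rule at all: the single-tenant default applies.
        report[model] = postures or [DEFAULT]
    # A rule naming a model that does not exist protects nothing (likely a typo).
    unknown = sorted(set(rules) - set(models))
    return report, unknown


def unrestricted(report):
    """Models every authenticated user can read and write."""
    return sorted(m for m, p in report.items() if p == [DEFAULT])
```

With the sample above, `unrestricted(classify_models(RULES_XML, MODELS)[0])` returns `invoice` and `user`, the two models no rule covers.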
