Real-world example for Data Rules


Last updated 2 years ago

Let’s look at a real-world scenario as a use case for data rules in your app.

As a reminder, data rules let you define (1) which data is synced to users’ devices, and (2) what read and write access users have to data (via DB and OnlineDB).

The scenario: You want sensitive app settings such as pricing data to be readable and writable by global admins, read-only by regional admins and not at all accessible (no read or write access) by normal users. A constraint is that the volume of this pricing data is too large for offline access for global admins, so they will only be able to access this data while online.

Data model and data rules file

We’ll define the following data model:

schema.xml
<?xml version="1.0" encoding="UTF-8"?>
<data-model>
    <model name="user" label="User">
        <field name="name" label="Name" type="text:name"/>
        <field name="role" label="Role" type="single-choice">
            <option key="normal">Normal User</option>
            <option key="regional_admin">Regional Admin</option>
            <option key="global_admin">Global Admin</option>
        </field>

        <!-- Normal users and regional admins belong to a region -->
        <belongs-to model="region" /> 

        <display>{name}</display>
    </model>

    <model name="region" label="Region">
        <field name="name" label="Name" type="text:name"/>
        
        <!-- Explicit relationships which we'll need to define our data buckets -->
        <has-many model="user" name="users" />
        <has-many model="client" name="clients" />
        <has-many model="pricing_template" name="pricing_templates" />
        <has-many model="pricing_item" name="pricing_items" />

        <display>{name}</display>
    </model>

    <model name="client" label="Client">
        <field name="name" label="Name" type="text:name"/>
        
        <belongs-to model="region" />

        <display>{name}</display>
    </model>

    <model name="pricing_template" label="Setting: Pricing Template">
        <field name="version" label="Version" type="text" />

        <belongs-to model="region" />
        <has-many model="pricing_item" name="pricing_items" />
        
        <display>{version}</display>
    </model>

    <model name="pricing_item" label="Setting: Pricing Item">
        <field name="key" label="Key" type="text" />
        <field name="value" label="Value" type="number" />

        <belongs-to model="pricing_template" />

        <!-- Explicit relationship added between pricing_item and region which we'll need to define our data buckets -->
        <belongs-to model="region" />
        
        <display>{key} : {value}</display>
    </model>

    <!-- ... -->

</data-model>

Note the following about the data model:

  1. Normal users, regional admins and global admins are distinguished by the role field on a user.

  2. We have several explicit has-many relationships in the region model. These are also necessary for defining the data buckets as we’ll show below.

  3. We have a client model that belongs-to a region. Client data is not considered sensitive: normal users, and regional admins will have access to all clients in their region, and global admins will have access to all clients across all regions. We’ll show this in the data rules below.

  4. The pricing models, i.e. pricing_template and pricing_item, contain sensitive data. This data will be readable and writable by global admins, read-only by regional admins (for their region) and not at all accessible (no read or write access) by regular users. Additionally, admins will only be able to access these models using OnlineDB, since it’s too much data to sync to their devices.

Given the above, the data rules for this app could be implemented as follows:

data_rules.xml
<?xml version="1.0" encoding="UTF-8"?>
<data-rules version="3">
    <bucket via="self[role == normal]/region">
        <!-- NORMAL USERS: -->
        <!-- The user's region (bucket root) and its clients are synced, and are readable and writable -->
        <has-many name="clients" />

        <!-- The user's region's pricing data is not synced, and is not readable nor writable -->
        <has-many name="pricing_templates" read="none" write="none" />
        <has-many name="pricing_items" read="none" write="none" />
    </bucket>

    <bucket via="self[role == regional_admin]/region">
        <!-- REGIONAL ADMINS: -->
        <!-- The user's region (bucket root) and its clients are synced, and are readable and writable -->
        <has-many name="clients" />

        <!-- The user's region's pricing data is synced, and is read-only -->
        <has-many name="pricing_templates" read="any" write="none" />
        <has-many name="pricing_items" read="any" write="none" />
    </bucket>

    <global-bucket via="self[role == global_admin]" >
        <!-- GLOBAL ADMINS: -->
        <!-- All clients and regions are synced, and readable and writable -->   
        <model name="client" read="any" write="any" />
        <model name="region" read="any" write="any"/>

        <!-- Pricing data is not synced, but is readable and writable via OnlineDB -->
        <model name="pricing_template" read="online" write="any" />
        <model name="pricing_item" read="online" write="any" />
    </global-bucket>
</data-rules>

Let’s dive into these data rules.

Define the data buckets

Normal users and regional admins belong to a region. This relationship will form the root of their data buckets (we’ll talk about this more below).

Note that we have defined two object-specific buckets and one global bucket.

The two object-specific data buckets are for normal users and regional admins respectively, since we need to group their data by the region these users belong to. This can be seen in the via attribute:

    <bucket via="self[role == normal]/region">
        ...
    </bucket>

    <bucket via="self[role == regional_admin]/region">
       ...
    </bucket>

Global admins have access to all data across all regions, so we can define a global bucket for these users:

    <global-bucket via="self[role == global_admin]" >
        ...
    </global-bucket>

Define what data is synced for each user role

For normal users and for regional admins the following data is synced: the region object that the user belongs to (as the bucket root), and all clients belonging to this region (per the <has-many name="clients" /> relationship). These object groups sync because of the implicit read="any" rule on both the bucket (which includes its root object) and the <has-many name="clients" /> relationship. read="any" is the default that is applied if no read attribute is specified.

For regional admins, the pricing data belonging to their region is also synced. This can be seen by the explicit read="any" attribute on these relationships:

        <has-many name="pricing_templates" read="any" write="none" />
        <has-many name="pricing_items" read="any" write="none" />

For global admins, all clients and regions are synced:

        <model name="client" read="any" write="any" />
        <model name="region" read="any" write="any"/>

For global admins, pricing data is not synced, but is accessible via OnlineDB. This is configured with the read="online" attribute on these models:

        <model name="pricing_template" read="online" write="any" />
        <model name="pricing_item" read="online" write="any" />

Define what read & write access each user role has

Normal users and regional admins can read and write to the region they belong to, as well as all clients belonging to that region. This is because of the implicit default rules on the bucket root (read="any" and write="update,delete") and the implicit read="any" and write="any" rules on the <has-many name="clients" /> relationship.

Normal users cannot read any pricing data, as shown by the read="none" attribute on these relationships:

        <has-many name="pricing_templates" read="none" write="none" />
        <has-many name="pricing_items" read="none" write="none" />

Regional admins can read the pricing data belonging to their region, but cannot write to it (write="none"):

        <has-many name="pricing_templates" read="any" write="none" />
        <has-many name="pricing_items" read="any" write="none" />

Global admins can read and write to all data: all regions, clients and pricing data. However, they can only query pricing data via OnlineDB, as is shown by the read="online" rule:

        <model name="pricing_template" read="online" write="any" />
        <model name="pricing_item" read="online" write="any" />

For more info on the read / write syntax, see the data ACL syntax reference.
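One way to check that a data rules file still matches the scenario's access requirements for pricing data, shown as an added example (not JourneyApps code and not part of the original page). It is a simplified reading of the rules that uses only the read/write values and defaults described on this page, and assumes a model a bucket does not list is inaccessible; `effective_access`, `pricing_violations`, `HAS_MANY` and `REQUIRED` are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# data_rules.xml as shown on this page (comments stripped)
DATA_RULES = """<data-rules version="3">
  <bucket via="self[role == normal]/region">
    <has-many name="clients" />
    <has-many name="pricing_templates" read="none" write="none" />
    <has-many name="pricing_items" read="none" write="none" />
  </bucket>
  <bucket via="self[role == regional_admin]/region">
    <has-many name="clients" />
    <has-many name="pricing_templates" read="any" write="none" />
    <has-many name="pricing_items" read="any" write="none" />
  </bucket>
  <global-bucket via="self[role == global_admin]">
    <model name="client" read="any" write="any" />
    <model name="region" read="any" write="any" />
    <model name="pricing_template" read="online" write="any" />
    <model name="pricing_item" read="online" write="any" />
  </global-bucket>
</data-rules>"""

# has-many names on the region model in schema.xml -> the model each points to
HAS_MANY = {"clients": "client", "pricing_templates": "pricing_template",
            "pricing_items": "pricing_item"}
# Scenario requirement for pricing models: role -> (synced, readable, writable)
REQUIRED = {"normal": (False, False, False), "regional_admin": (True, True, False),
            "global_admin": (False, True, True)}

def effective_access(rules_xml):
    """Return {role: {model: (read, write)}}; a missing attribute defaults to "any"."""
    matrix = {}
    for bucket in ET.fromstring(rules_xml):
        via = bucket.get("via")
        grants = matrix.setdefault(re.search(r"role == (\w+)", via).group(1), {})
        if bucket.tag == "bucket":  # bucket root: implicit default rules
            grants[via.split("/")[-1]] = ("any", "update,delete")
        for rule in bucket:
            name = rule.get("name")
            model = HAS_MANY[name] if rule.tag == "has-many" else name
            grants[model] = (rule.get("read", "any"), rule.get("write", "any"))
    return matrix

def pricing_violations(rules_xml):
    """List (role, model, read, write) entries that break the scenario."""
    found = []
    for role, grants in effective_access(rules_xml).items():
        for model in ("pricing_template", "pricing_item"):
            read, write = grants.get(model, ("none", "none"))  # assumed: unlisted = none
            actual = (read == "any", read in ("any", "online"), write != "none")
            if actual != REQUIRED[role]:
                found.append((role, model, read, write))
    return found
```

Because an omitted read or write attribute falls back to "any", dropping the attributes from a pricing relationship in the normal-user bucket is reported as a violation rather than passing silently.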
