Cloudkit Security Roles

Posted 2019-07-28 23:59

Question:

The only use I can see for Security Roles in CloudKit is granting another team member access to the CloudKit Dashboard in order to modify the tables in the dashboard? Is this correct, or am I missing something?

Currently I am the only one who can log in to the dashboard and I can't add another team member. I think this is because I am registered as a single developer with Apple? I was hoping to use this to set up some type of security on the public database but it seems that I can't do that with security roles.

I am trying to set up three different types of users for the public database:

I will have 3 apps running in this same container.

1.) Admin - Separate App

2.) Consumer - Separate App

3.) Contractor - Separate App

I found this thread:

How do I access security role in cloudkit

It appears that I have to add the security in each app to access only the data allowed for that type of user?

Answer 1:

I have set up multiple apps sharing the same container; you need to configure this not only in Xcode itself, but also in the code you write.

import CloudKit

// Every app that shares the container opens it by the same identifier.
let container = CKContainer(identifier: "iCloud.yourDB")
let publicDB = container.publicCloudDatabase

Access is granted on an iCloud user basis, not an app basis. So if you're going to have all three apps running on devices using the same iCloud ID, then they will all have access to the same public & private databases, with the default permissions.

You would need to "code" the ability to "create" & "write-to" your database in the admin app. Presumably "write-to" the database in the contractor app and "read-from" the database in your consumer app; an example scenario.

However, if the plan is for multiple iCloud users to use different apps sharing the same container, then your options are more limited. The private database is just that, private. So different iCloud users cannot share the same private database, you cannot change the permissions, period; they can only share the public database.

In the public database, default permissions will grant everybody read access, and only allow authenticated [logged into iCloud account] users the ability to create new records and link said created records with the users that created them.

Put another way, if an authenticated user [A] creates a record in the public database, user [B] can read it, but has no write access to update it; you would/could change access to give them the right to do so if that was a requirement, a change you would make on the dashboard.

But beware, the quotas on the public database are not linked to the iCloud accounts as I understand it, they are linked to the app. So if you create an app that dumps large amounts of data into the public database, Apple will send you the bill when/if your app user exceeds the public database quota allowed per user per app. [Yes, so the more users for your app, the more public database quota you get, but you should/need to limit the amount individual users can claim to limit your liability for iCloud costs!]

I may have misunderstood Apple's description of how it works/is going to bill users/apps in the last paragraph, open to clarification by all means.
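
The following Swift sketch is an added example, not code from the answer above. It illustrates the user [A] / user [B] case: the write is attempted under whatever iCloud account is signed in, and the server's reply decides the outcome regardless of which of the three apps sent it. The names `WriteOutcome` and `updateStatus` and the `status` field are hypothetical; `iCloud.yourDB` is the answer's placeholder.

```swift
import CloudKit

// Placeholder identifier taken from the answer; replace with the real container.
let sharedContainer = CKContainer(identifier: "iCloud.yourDB")
let sharedPublicDB = sharedContainer.publicCloudDatabase

// Hypothetical result type for this example.
enum WriteOutcome {
    case saved            // server accepted the write
    case notSignedIn      // no usable iCloud account on the device
    case deniedByServer   // signed-in user lacks write permission on the record
    case failed(Error?)   // anything else (network, missing record, ...)
}

/// Fetches a public-database record, changes one field and saves it,
/// reporting how CloudKit answered for the current iCloud user.
func updateStatus(of recordID: CKRecord.ID,
                  to status: String,
                  completion: @escaping (WriteOutcome) -> Void) {
    // Reads work for everyone by default, but writes require an iCloud account.
    sharedContainer.accountStatus { accountStatus, error in
        guard error == nil, accountStatus == .available else {
            completion(.notSignedIn)
            return
        }
        sharedPublicDB.fetch(withRecordID: recordID) { record, error in
            guard let record = record else {
                completion(.failed(error))
                return
            }
            record["status"] = status as NSString  // hypothetical field name
            sharedPublicDB.save(record) { _, error in
                guard let error = error else {
                    completion(.saved)
                    return
                }
                switch (error as? CKError)?.code {
                case .permissionFailure?:
                    // Returned when the user is neither the record's creator
                    // nor in a role the dashboard grants write access to.
                    completion(.deniedByServer)
                case .notAuthenticated?:
                    completion(.notSignedIn)
                default:
                    completion(.failed(error))
                }
            }
        }
    }
}
```

Hiding the edit button in the consumer app only changes what the user sees; the `deniedByServer` branch is the check that holds if a different client talks to the same container.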