I have a server-side application that uses CloudKit Web Services to make changes to my CloudKit container. I generated a server-to-server key for this.

I want my server-side script to be able to update any record of type Person in my Public Database, but I'm getting an error:

[reason] => WRITE operation not permitted

[serverErrorCode] => ACCESS_DENIED

The options for the security roles for my Person record are as follows:

CloudKit Security Roles

If I check Write then it works and I don't get the error anymore.

But I'm concerned that I just gave all users of my app access to make changes to any record in that table. Is there a way to only allow write access to my application and its server-to-server key?

Clifton Labrum

1 Answer

It's sad how quiet the CloudKit community is on SO. Perhaps that's because the only people that really know how CloudKit works work at Apple. ;)

I saw in a 2016 WWDC talk that server-to-server requests happen as an "admin" user, so I'm guessing that it's safe to check the Write option for this record type.

Clifton Labrum