Security Request

[GoogleCodeExporter]

From a user:

I can see two ways of how our users will approach this: 1.) One (1) user would 
want to only their data based on user ID or Device ID and would also not want 
others to see their data. 2.) One user would have multiple devices deployed and 
need to see all the data pertaining to those devices.  This case would allow a 
user to enter the device ids (or user ids) that they would need to keep track 
of.

Currently since we're still testing this with only 5 users everyone is happy to 
see others data but the group we're developing this for has had a few people 
mention they would not want others to see their data.  This is being used in a 
farming/gardening implementation and some folks that are in close proximity of 
each other might also be competing in the same market.

One other use that I have been asked to create is filling out digital versions 
of food safety forms and I figure those will all need to be kept private. 

Original issue reported on code.google.com by wbrune...@gmail.com on 5 May 2011 at 1:07

[GoogleCodeExporter]

Original comment by wbrune...@gmail.com on 13 Jun 2011 at 8:48

• Added labels: Aggregate

[GoogleCodeExporter]

The security model is for the Aggregate instance overall.  If you have multiple 
forms with different access requirements, we support that via deploying 
different appspot instances or different MySQL databases and multiple 
application instances in Tomcat.

This keeps security dead simple.

Original comment by mitchellsundt@gmail.com on 1 Jul 2011 at 8:19

• Changed state: WontFix