Getting error when i give permission to account

i m creating a Account Without using a token

but when i give permission to this Account ,i m getting error (unauthorise)

Hi, deepakKashyap A user cannot give permission to data they do not have access to.
You cannot give permission without using a token. Your second query is an anonymous user trying to give access to someone else’s account.

What you want to do is to create the account as you have done, login with the new account then create a permission with the token.

after login, we receive a login token , but now when i trying to give permission using this token ,“Unauthorised” error occured.

Can you share the query which gives the unauthorised error response?

i m creating user with this feature…
after that i m login with credentials and give permission to Account using session token,
i m able to give account permissions with session token ,but getting error when i give permision to and Account.Owner with this session token

Who is the owner of the Phone object with that ID?

Support please create a Account without a session token ,and check who is the owner,if we create A object without Any token then the Admin on the object will “Database Admin ”,
my question is ,if i create a object without any token then which token will use to give permission……

I see you deleted this but I will answer anyway for the benefit of the community.
When data is created anonymously, it is assigned to the System Admin which created the instance from the Hypi UI. This user is kind of a super-admin.

There are many reasons why the anonymous user’s data is assigned to the system admin but probably the main one is that there is no reliable way to distinguish between two anonymous users. The platform cannot tell the difference between two of your anonymous users when you make an API request and so all anonymous requests are treated the same and the “Account” performing the operation has id anonymous.

We do not assign the data created by anonymous because if anonymous user 1 makes a request to create some data and anonymous user 2 makes another request to create their own data, then both would be able to see and manipulate each others data without limits.

The platform assigns all data created anonymously to the user that created the Hypi instance i.e. the super admin.

and if my login token is working to give Account permission then why login token is not working to give phone permission…

Because when an account is created it is handled specially, the hypi.createdBy field is set to the ID of the account that is about to be created rather than the ID of the account making the request.

I believe I understand your issue now as a result of this last message.

First, you are using the upsert function to create an Account. As I mentioned in your previous threads you should use the createAccount function.

I believe your issue is that the special handling of the account assigns the owner of the account to be itself but does not assign the owner of the Phone or any other data created anonymously to the new account being created.

I believe this is a bug and have raised an issue for our engineers to investigate and fix. I’ll report back here with an ETA for a path which resolves this or an update if this is the intended behaviour.

this solve my problem …thanks @Supporti m creating Account with (email,password) ,
after this, i m login with this credential and then updateusername,Phone,Name ,Now owner of the (name ,phone ) object is Account , so now no need to phone and name .

glad you’ve been able to progress. As support said, we’ll post an update regarding the permission of other data created with an account. The determination so far is that this is intended behaviour but we’re looking at whether that should change.

so now ,no need to give permission to these name and phone object…**********