Some of our security (and performance) problems can be resolved by limiting access to certain fields and records in our data collections. For example, if the owner field of a record isn't sent to the client, a potential hacker will never be able to get the userId value of another user. Likewise, if only records belonging to a certain userId, or ones marked for sharing, are passed to the client, private records can stay private and visible only to the user that created them. This recipe will show you how to create a façade to limit fields and records being sent to the client.
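The sketch below is an added example, not the recipe's own code: it shows the shape such a façade can take as a server-side publication, and checks the selector and field filter against constructed sample records. The collection `Records`, the publication name `records` and the `shared` flag are assumptions made for illustration.

```javascript
// Selector: the caller's own records plus anything marked for sharing.
// An anonymous caller (userId null) gets shared records only; passing
// { owner: null } to MongoDB would also match records with no owner set.
function facadeSelector(userId) {
  if (!userId) return { shared: true };
  return { $or: [{ owner: userId }, { shared: true }] };
}

// Projection: the owner field is never sent to the client.
const FACADE_FIELDS = { owner: 0 };

// Under Meteor, register the façade as a publication. `Records` is a
// hypothetical Mongo.Collection defined elsewhere in the app.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  Meteor.publish('records', function () {
    // this.userId is set by the server, so the client cannot supply it.
    return Records.find(facadeSelector(this.userId), { fields: FACADE_FIELDS });
  });
}

// Offline stand-in for the query above, so the façade can be checked
// without a database. It handles only the selector shapes used here.
function matches(doc, sel) {
  if (sel.$or) return sel.$or.some((clause) => matches(doc, clause));
  return Object.keys(sel).every((key) => doc[key] === sel[key]);
}

function applyFacade(docs, userId) {
  const sel = facadeSelector(userId);
  return docs.filter((doc) => matches(doc, sel)).map((doc) => {
    const out = { ...doc };
    for (const field of Object.keys(FACADE_FIELDS)) delete out[field];
    return out;
  });
}

// Constructed sample records (not from the recipe).
const SAMPLE = [
  { _id: 'a', owner: 'u1', shared: false, text: 'private to u1' },
  { _id: 'b', owner: 'u2', shared: false, text: 'private to u2' },
  { _id: 'c', owner: 'u2', shared: true, text: 'shared by u2' },
];
```

The façade only protects data if the client has no other route to the collection, so it assumes no unfiltered publication of the same collection exists alongside it.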
Please complete the Securing data transactions with allow and deny recipe found in this chapter, including the additional