Tutorial - Management of Users and Permissions | Chino.io


The focus of this tutorial is to create a system for the management of Users granting them Permissions over resources in a way that they can access the only resources they are permitted to.

Note: We grant access over Schemas and Documents, explaining which Permissions are granted and why.

This tutorial is available for the following programming languages: {{languages.join(", ")}}. In the setup you can change programming language.

Use Case

We are going to use the following scenario for a better explanation of this tutorial:

We want to create a system for the management of visits that doctors perform to their patients. We are going to store visits in Documents.

In this tutorial we also manage Permissions over Users.

A Doctor can:

  • Create Documents with the visit's result

  • Grant Permissions to the patients to read the Documents he creates

A User can:

  • Read the Documents over which the doctor has granted him the read Permission

Resources used

The following list shows the Resources in Chino.io we use for this tutorial:

  • Repository: it's the main container which hold Schemas.

  • Schema: it's the resource which defines the structure of Documents. We define here the fields of the future Documents that we will create in it.

  • Document: it's the resource we will use to store sensitive data.

  • Permission: we use Permissions for a better management of Users.

Select language:

Register to Chino.io 

To register to our service go to consoleconsole, fill in the form, confirm the email and access.

Note: You can use Chino.io test environment for free.

Setup development environment

Install library

First thing to do is to setup an environment (optional) and install the SDK (mandatory)

(sudo) pip install git+https://github.com/chinoio/chino-python.git

Install library

First thing to do is to setup an environment (optional) and install the SDKs (mandatory)

There are two ways to install the SDKs:

If you're using Maven, then edit your project's pom.xml and add this:



If you're using Gradle, then edit your project's build.gradle and add this:

    allprojects {
        repositories {
            maven {
                url 'https://jitpack.io'

    dependencies {
        // ...
        compile 'com.github.chinoio:chino-java:1.0'

The other method is building the SDKs from source:

git clone https://github.com/chinoio/chino-java.git
    cd chino-java
    ./gradlew build

The output will be in build/

And if you want a "fat jar" with all the dependencies inside use the following commands:

git clone https://github.com/chinoio/chino-java.git
    cd chino-java
    ./gradlew build shadowJar

In order to perform network operations your Android manifest must include the following permissions:

<uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />


Every function in android must be called in an AsynkTask to avoid the main Thread to stop!

You can use Postman to try our rest API. We provide a Collection, to be imported in Postman, which allows you to easily test every call in this tutorial.

You can download Postman at this link.

SDK distribution

You can integrate the CHINO.io Swift SDK into your project using one of several methods.


To use CocoaPods, a dependency manager for Cocoa projects, you should first install it using the following command:

$ gem install cocoapods

Then navigate to the directory that contains your project and create a new file called Podfile. You can do this either with pod init, or open an existing Podfile, and then add

pod 'ChinoOSXLibrary', :git => 'https://github.com/chinoio/chino-ios.git', :tag => '1.0'

to the main loop. Your Podfile should look something like this:


target '<YOUR_PROJECT_NAME>' do
    pod 'ChinoOSXLibrary', :git => 'https://github.com/chinoio/chino-ios.git', :tag => '1.0'

Then, run the following command to install the dependency:

$ pod install

Once your project is integrated with the CHINO.io Swift SDK, you can pull SDK updates using the following command:

$ pod update

Write here your customer ID and Key

Here you can write your customerId and customerKey to have them filled out in the code. It's just for the purpose of the tutorial.

Click on the following button to add the Collection with the calls of this tutorial in Postman.
Postman will automatically set the values inserted in this page in the environment variables.

Note: if you want to add an environment in Postman, please fill the customer_id and customer_key in the box above.


First thing to do is to initialize our SDK.

We now have access to the SDK that wraps all the calls that Chino.io API offers.

Create a Repository

The next step is to create a Repository.

Repositories can be created via the API or via the console. For this first tutorial we create a Repository via the console.

We create a Repository using Postman

Note: without a Repository you can't create Schemas, and without Schemas you can't create Documents in which to store your data.

Once created we copy the (write here your repository_id) and we use it as constant in our code.

Create a Schema

The Schema represents the structure of the Document we want to store inside Chino. For this tutorial we store the following information:

  • patient_id : string - indexed the patient that we have visited

  • doctor_id : string - indexed a reference to a doctor that perform the visit

  • visit_type : string - indexed the type of the visit

  • visit : text - not indexed the response of the visit

  • date : datetime - indexed timestamp of when the visit was made

Note: if the field is indexed it can be used to search for Documents. Better explanations throughout this tutorial.

Note: this is the Schema over which we are going to grant Permissions.

We call this schema base_vist

Once created, copy the schema_id

Create an Application

An Application is necessary in order to authenticate Users to Chino.io. For this tutorial we create an Application with the password method for the login.

Note: if you don't know what an Application is or what is used for, please check this link.

Once created, copy here your application_id:

and your application_secret:

Create a UserSchema

We create a UserSchema which defines the following attributes of the Users:

  • name: string - indexed the name of the user

  • last_name: string - indexed the last name of the user

  • date_birth: date - indexed the date of birth of the user

  • role: text - not indexed the role of the user (if patient or doctor)

Once created, copy here your user_schema_id:

Create Users

For this tutorial we use a simple case study: a doctor and a patient who share Documents using a Schema. Doctor and patient are created under the same UserSchema.

Give permissions

The doctor needs to create new Documents in the Schema and read, update and delete the Documents he creates. He also needs to grant patients the permission to read his Documents.

Note: if you want to understand better how Permissions in Chino.io work please check the API and DOCs on this link.

Doctor creates a Document

We now log in as the doctor and create a new Document with the visit of the patient.

Note: as a doctor we can create a new Document because he has the permission create over the Schema.

Note: We must grant the permission read over the Document created for the reader, who lacks permissions over the Documents created under that Schema.

Doctor login in Postman:

Document creation in Postman:

Note: as we create a Document logged as doctor, it is important to make sure that the header contains the bearer_token of the doctor.

Read the Document created

We now try to log in as the patient and read the Document created by the doctor.

For Postman the process is similar to the Document creation logged as doctor.


We have implemented the authentication of Users and managed Permissions.


  • Organize Documents between multiple Schemas and Repositories

  • Create different UserSchemas to register different categories of Users: useful data about doctors are not always important for patients, and vice-versa