Security question: Getting the user id of the creator of an object


I am a realm developper. We are using fine grain permissions exclusively. I need to allow users to create a specific type of object (called a connection) which has a UID key containing the user id of the user. I have a Node.js server that is listening to all objects being created. What I want to do is make sure that the user who created the objects, signs it with his/her UID - not someone else’s and thereby spoofing the system. If the server can detect a UID mismatch, it could revert the change as the admin user. I don’t see anything in fine grain permissions that would allow me to do this.

Suggestions are welcome.


Richard Krueger