How to use bulkUpdateMany?

Hello guys!

I’m struggling a bit when trying to use bulkUpdateMany…


I’ve created a column “Test” which is a number and has a default value 0 on my “User” table that has already 2k rows. As you know when we add a new column even if it has a default value it comes as “undefined” for the existent rows.

I’m trying to perform the new function provided by our beloved Moralis team (bulkUpdateMany) however, I’m not making it… could someone help me?

Code example:

   const queryUsers = [{ filter: { Test: undefined }, update: { Test: 0 } }];
  return await Moralis.bulkUpdateMany("User", queryUsers, {
    useMasterKey: true,

OBS: if I enable my table to public users be able to write then it works, but obviously I would like only to run it once so then I need the “useMasterKey: true”, but it isn’t working.

Error: Permission denied for action update on class _User.
    at handleError (moralis.js:25632)

probably unrelated, if you remove the filter there and try to set that Test to 0 for all the entries, it still fails with the same error message?

it looks like you are using the right syntax:

await Moralis.bulkUpdateMany("TableName", query, { useMasterKey: true })

User table in particular has ACL on every row, you may need to enable write for public to be able to register new users

1 Like

But in my question I’m not registering new users, I want to update the existent ones.

If I let the “write” enabled for users, will the users be able to run this bulkinsert appointing to my table? because I just did that and it worked…

I want to avoid any external call from runing database updates/posts in my database, only through my public methods. Is it possible? I mean , how should I do in order to have that? just hide all fields from public and keep the write access?

A user can not update the fields for other users from front end, but they can call a cloud function if you made one that does that.

You can protect your cloud function by checking that only you call it or a specific secret parameter is provided for example. Or run it once and comment it after that.

It may be better to create a separate table in your case where you keep additional user info, you can also use beforeSave hook to prevent current user from modifying the data from a column.

I’ll go for a separated table… for what I understood I can’t “hide” the column from the user, he has always permission to see it no matter the visibility I set on the column.

Thanks crypto kid