read

Parse default ACL is - everyone can read and everyone can write.

Even for their User class.

That is a rather bad design.

The ‘Solution’

Parse official rep answered that you may use cloud code to apply an ACL with a beforeSave trigger.

Nice.

Until you get error the error:

Parse error 141 - Uncaught userId must be a string

And in your cloud code log, you clearly see an Uncaught userId must be a string

The Correct Solution

The correct way is to use the afterSave trigger (not beforeSave).

Parse.Cloud.afterSave(Parse.User, function(request) {
  var user = request.user;
  if (!user.existed()) {
    // ACL - only user can read and write
    user.setACL(new Parse.ACL(user));
    user.save();
  }
});

I wasted quite some time as I was misled by a flawed solution by a Parse rep.

And, I believed there are others who were misled, yet no one can reply to the flawed solution because comments are closed..