Create groups with certain permissions

Hello, I see that it is possible to create roles and permissions that are document/field level. I, however, want to do the following and am wondering if it is possible:

  1. Each user has their own data that is in Collection X but can allow another user to view some of their data in this collection. Is this possible to do using roles and do level permissions?
  2. Each user belongs to a group and that group has certain permissions for documents in a collection. (can I use a role that acts like a group for this?)

Thanks!

Hey @Archna_Johnson,

Welcome to the MongoDB Community Forums!

The document/field level permission you described is for Atlas App Services and not Atlas. It would be good if you could clarify your use case so that we are better able to help you. Also, can you provide any sample documents and explain what exactly you are looking for? This would help us better understand your ask.

Regards,
Satyam


Thanks for your response. Here is the scenario I am dealing with. Working with a Blazor app hosted in Azure; using Azure AD for authentication. Information for users creating accounts on the app is stored in a collection in MongoDB. These users can create objects which are also stored in a collection in Mongo.

We are using Mongo Atlas to store these collections.

Users can be part of a group and are allowed to view documents owned by the group. Some users are standalone - we want these users to be able to share the objects they create with other users - either read or write permissions.

The fact that the objects the users create are stored in Mongo is opaque to the users of the app.

I have been unable to map these requirements to the functionality provided by Mongo. Am I missing something? I am currently considering writing code in the app to support this. Document-level permissions are supported in Atlas App Services but I think that is not appropriate for my scenario. I’d appreciate your response.

Thanks!

Hey @Archna_Johnson,

Thanks for letting me know. The document/field level permissions that you described in your first post pertain to App Services and not Atlas. I would suggest you write this logic on your application side since it would be easier to control and manage. MongoDB also provides built-in roles with pre-defined pairings of resources and permitted actions. For lists of the actions granted, see Built-In Roles. To define custom roles, see Create a User-Defined Role.

Regards,
Satyam
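
One way to implement the application-side check suggested above, as an added example that is not part of the thread or MongoDB's own code: every query is ANDed with an access filter built from the authenticated user. The document fields (`ownerId`, `groupId`, `shares`) and the function names are assumptions made for illustration, and the small `matches` helper only exists so the filter can be exercised without a server.

```javascript
// Added example; the schema (ownerId, groupId, shares[]) is assumed, not from the thread.
// user.id and user.groupIds must come from the validated Azure AD token, never from request input.
function accessFilter(user, mode) {
  if (mode !== "read" && mode !== "write") throw new Error("unknown mode: " + mode);
  if (!user || typeof user.id !== "string" || !user.id) throw new Error("unauthenticated");
  const levels = mode === "write" ? ["write"] : ["read", "write"];
  const clauses = [
    { ownerId: user.id }, // the owner can always read and write
    { shares: { $elemMatch: { userId: user.id, access: { $in: levels } } } },
  ];
  // Group membership grants view access only, as described in the thread.
  const groups = (user.groupIds || []).filter((g) => typeof g === "string");
  if (mode === "read" && groups.length) clauses.push({ groupId: { $in: groups } });
  return { $or: clauses };
}

// AND the access filter with the caller's query so a client-supplied filter cannot widen it.
function scoped(user, mode, query) {
  return { $and: [accessFilter(user, mode), query || {}] };
}

// Tiny offline matcher for the operators used above, so the example runs without a server.
function matches(doc, f) {
  return Object.entries(f).every(([k, v]) => {
    if (k === "$or") return v.some((c) => matches(doc, c));
    if (k === "$and") return v.every((c) => matches(doc, c));
    const val = doc[k];
    if (v && typeof v === "object") {
      if ("$in" in v) return v.$in.includes(val);
      if ("$elemMatch" in v) return Array.isArray(val) && val.some((e) => matches(e, v.$elemMatch));
    }
    return val === v;
  });
}

// Constructed sample documents.
const docs = [
  { _id: 1, ownerId: "alice", groupId: "g1", shares: [] },
  { _id: 2, ownerId: "bob", groupId: null, shares: [{ userId: "alice", access: "read" }] },
  { _id: 3, ownerId: "bob", groupId: null, shares: [{ userId: "carol", access: "write" }] },
  { _id: 4, ownerId: "dave", groupId: "g1", shares: [] },
];
const visibleIds = (user, mode, q) =>
  docs.filter((d) => matches(d, scoped(user, mode, q))).map((d) => d._id);
```

With a real driver, the object returned by `scoped` is passed as the filter to the find or update call, so the database returns or modifies only documents the caller is entitled to.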