Data isolation in MongoDB Realm

Our customers are independent businesses, each with their own Realm Cloud database. This provides them with data isolation.

It appears from the naming conventions used in MongoDB Realm that databases are shards, or partitions, not separate databases. Is that the case?

@Nosl_O_Cinnhoj Yes - partitions are analogous to realms on the legacy realm object server/cloud. They are logical partitions of a MongoDB Database on MongoDB Atlas. An interesting new feature of the new MongoDB Realm is that you can now use MongoDB drivers to do cross-partition queries and writes, which was a limitation in the legacy realm.

So we have the option of each of our customers having their own MongoDB database using MongoDB Realm?

You have the capability to sync to multiple logical databases within a single MongoDB Atlas cluster. Currently a single MongoDB Realm cloud app syncs with a single cluster - we will look to remove this restriction in the future.

We might have to wait until that restriction is removed. Our customers are skittish about sharing a database with their competitors. It was hard enough convincing them to move from on-prem to the cloud. A shared database will freak many of them.

Will this restriction be removed before Realm Cloud reaches end-of-life on 22 November 2021?

We require timely advice on this matter. If data isolation is not available before that date we need to consider alternatives to Realm.

It is not currently in our scheduled work, so I cannot guarantee when it will land.

Thank you for being frank @Ian_Ward. Many of our customers would walk if they knew they were sharing a database with their competitors. We’d best start looking elsewhere.

Hi @Nosl_O_Cinnhoj,

Alternatively, you could create a separate database per customer, and a separate Realm application per customer as well. This is to make sure that each application is configured to sync on the database for that particular customer.

You can have multiple applications sync against the same cluster, as long as they are not linked to the same set of databases for the underlying data in the rules config. See also Realm Sync Rules.

Regards,
Wan.

Thanks @wan but that would not work for us. Customers download, install and set up our app without intervention from us. We don’t have the ability (nor the desire) to configure a new app for each customer.

I am a Realm developer, so let me chime in with my two cents. You could give each customer a separate Realm application, so effectively each customer would have a separate MongoDB Atlas attached to that application. This does not mean that you need a separate mobile app for each customer, rather each customer simply needs a separate MongoDB Realm app id - that’s it. You would deploy one app for all your customers with separate realm apps for each one. Then comes the tricky part, so you would need the same universe of users for all these apps. The solution there is to go with a JWT authentication system for Realm - that keeps around one set of users for all these apps. This is totally doable within the MongoDB Realm system. The JWT authentication system would keep around the customer’s realm app id and return it as part of the metadata. Upon signing in the customer would then open that realm app and use it to sync with. Each customer would be totally isolated from the other customers. Lastly each customer could even maintain administrative control over their Realm app and matching Atlas Cluster.

I would even go so far as to say that this is trivial to the most casual of observers. By the way, good luck doing this in Firebase - talk about the great monolithic system from the megalithic. Disclosure, I was a Firebase developer for three years.

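The last post proposes one shared JWT login that records each customer's Realm app id. As an added sketch (not code from the thread or from MongoDB), the following shows the isolation check that design depends on: the token is bound to one customer's app id and is rejected anywhere else. The tenant names, app ids, signing key, the choice of the `aud` claim to carry the app id, and the function names are all assumptions made for illustration.

```javascript
// Added example: constructed tenant names, app ids and key; not from the thread.
const crypto = require('crypto');

const SIGNING_KEY = 'constructed-demo-key-not-for-production';
// Hypothetical directory kept by the auth service: customer -> that customer's Realm app id.
const TENANT_APPS = { acme: 'acme-app-abcde', globex: 'globex-app-fghij' };

const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function sign(data) {
  return b64url(crypto.createHmac('sha256', SIGNING_KEY).update(data).digest());
}

// Auth service: after checking the user's credentials, mint a token bound to their tenant.
function issueToken(userId, tenant, nowSec, ttlSec = 300) {
  const appId = TENANT_APPS[tenant];
  if (!appId) throw new Error('unknown tenant');
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, aud: appId, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Verifier standing in for one customer's side: accept only tokens signed by the
// auth service, unexpired, and issued for this app id.
function verifyForApp(token, expectedAppId, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    if (JSON.parse(Buffer.from(header, 'base64').toString('utf8')).alg !== 'HS256') return null;
    claims = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  } catch { return null; }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  if (claims.aud !== expectedAppId) return null; // token was minted for another customer
  return claims;
}
```

The point to carry over is that the app id must come from the signed claims, never from a value the client can set on its own.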