Help Understanding the Permissions for Flexible Sync

Hey there!

We are struggling to bring the correct permission for Flexible Sync to live. So, just one question:

Why does the first one work, but the second don’t (Project1 and Project2 are representing the same collection. They just have different names for demonstration)?

{
	"rules": {
		"Project1": [{
			"name": "ProjectOwner1",
			"applyWhen": {},
			"read": {
				"ownerId": "%%user.id"
			},
			"write": {
				"ownerId": "%%user.id"
			}
		}],
		"Project2": [{
			"name": "ProjectOwner2",
			"applyWhen": {
				"ownerId": "%%user.id"
			},
			"read": true,
			"write": true
		}]
	}
}

Okay, a second question. This question is perhaps more directed at the Realm/MongoDB staff:
For me, managing permssions/roles/rules by editing a JSON is not only cumbersome, but also extremely confusing and error-prone. Can we expect a GUI (web frontend) to administer this in the future? That would be a huge relief. :nerd_face:

Thanks,
Frank

Hello Frank,

A sync role is applied per sync session (more specifically, at the start of the session, using the “applyWhen” expression), not per document. Thus, the “applyWhen” expression can’t reference fields in a document (in this case, “ownerId”), which is why the role under “Project2” is invalid.

Regarding your question about having a UI to edit sync rules - that is a project that the team is currently working on this quarter!

Best,
Jonathan

4 Likes

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.