How to create permission only read in one collection and only read in another collection on flexible sync? (JAVA SDK)

multiface_biometria · September 29, 2022, 10:37am

I would like to know how to limit a collection to read-only and another to write-only, I made a rule in flexible but I am not able to implement a signature that follows these rules can anyone help me?

{
  "rules": {
    "AnalysisModel": [
      {
        "name": "anyperson",
        "applyWhen": {},
        "read": false,
        "write": true
      }
    ],
    "CoordinatesModel": [
      {
        "name": "anyperson",
        "applyWhen": {},
        "read": false,
        "write": true
      }
    ],
    "UserModel": [
      {
        "name": "anyperson",
        "applyWhen": {},
        "read": true,
        "write": true
      }
    ]
  },
  "defaultRoles": [
    {
      "name": "read-write",
      "applyWhen": {},
      "read": true,
      "write": true
    }
  ]
}

rule implemented in atlas

Credentials credentials = Credentials.anonymous();

            User userSync = app.login(credentials);

            SyncConfiguration config = new SyncConfiguration.Builder(userSync)
                    .initialSubscriptions(new SyncConfiguration.InitialFlexibleSyncSubscriptions() {
                        @Override
                        public void configure(Realm realm, MutableSubscriptionSet subscriptions) {

                            subscriptions.addOrUpdate(Subscription.create("anyperson",realm.where(UserModel.class)));

                        }
                    })
                    .allowQueriesOnUiThread(true)
                    .allowWritesOnUiThread(true)
                    .modules(new ModuleUserAndAnalysis())
                    .build();
            Realm.getInstanceAsync(config, new Realm.Callback() {
                @Override
                public void onSuccess(Realm realm) {
                    Log.v("EXAMPLE", "Successfully opened a realm.");
                }
            });

            realmConfig = config;

            return Realm.getInstance(realmConfig);
signature

Ian_Ward · October 2, 2022, 12:54pm

@multiface_biometria I’m not sure exactly what you are trying to do but perhaps Asymmetric Sync is what you are looking for?

Another option would be to have a read-only role?
something like:

{
   "name": "readonly",
   "applyWhen": {},
   "read": true,
   "write": false
}

multiface_biometria · October 3, 2022, 5:41pm

Thanks for the return.

What I really wanted is a rule and a signature to be read only in one collection and write only in another.

multiface_biometria · October 3, 2022, 5:46pm

{
“rules”: {
“Collection1l”: [
{
“name”: “only-write”,
“applyWhen”: {},
“read”: false,
“write”: true
}
],
“Collection2”: [
{
“name”: “read-write”,
“applyWhen”: {},
“read”: true,
“write”: true
}
]
}

I would like to know what signature I would use for collection 1 .
where is only written.

collection2 is using subscriptions.addOrUpdate(Subscription.create(“read-write”,realm.where(collection2.class)));

Sudarshan_Muralidhar · October 4, 2022, 4:40am

Write permissions require and imply read permissions, so unfortunately it’s not possible to make a rule with write-only (and not read) permissions.

Take a look at the docs on permissions: https://www.mongodb.com/docs/atlas/app-services/sync/data-access-patterns/permissions/#write-permissions

multiface_biometria · October 4, 2022, 12:56pm

Thanks for the return.

Is there any other way to implement a write-only collection?

The asymmetric mode for example?

Tyler_Kaye · October 5, 2022, 5:45pm

Asymmetric sync is write-only in the sense that noone can actually sync it down. It is ideal for things like metrics, logging, IoT measurements, etc. I suspect it might be what you are looking for, but I am curious why exactly you wany write-only permissions since it does seem like a bit of an anti-pattern to let someone write something that they are not allowed to read.

multiface_biometria · October 6, 2022, 8:46pm

Thank you very much for the feedback.

You made everything more understandable.

The ideal for me is to record a route taking the coordinate data and saving it directly in the mongo atlas, so if I cleaned the local data I would still have the atlas for consultation that would be used by an admin login.

in my app we don’t need to have the data on the device only in mongo atlas so I didn’t want to read anything from the atlas.

Tyler_Kaye · October 6, 2022, 10:24pm

If you never want your app to read any data locally / from atlas then Asymmetric sync is exactly what you want. It will essentially guarantee that everything you ever write will make it to Atlas (even if your device does not have service). The one caveat is that it is insert-only, meaning that you cant “update” objects but that makes sense considering that you cant “read” anything to update in the first place!

Excited for you to try it out and let us know if you have any other questions.

Thanks,
Tyler