Privacy of flexible sync

Hi,

Using flexible sync, isn’t it a little weird that users have theoretical access to the entire database, unless filtered by a query on their device? I mean, it’s got advantages I guess for sharing data, but it sounds a bit hack-prone, doesn’t it?
I mean, the entire database is accessible to the client-side app, which defines rules/queries for accessing the user-specific data. Am I missing something?

Hi, permissions are defined on the server to define the access rules for the system (and any particular user). Please see here for more details: https://www.mongodb.com/docs/atlas/app-services/sync/app-builder/device-sync-permissions-guide/

The view of data being synced down is a function of (a) the user’s permissions and (b) the user’s subscriptions.

If you have any other questions, please let me know.

Best,
Tyler

Adding to the page Tyler mentioned, we also have a page in some of the SDK docs that goes into more detail about how the combination of permissions and the Flexible Sync query determines what data can sync: https://www.mongodb.com/docs/realm/sdk/swift/sync/write-to-synced-realm/#determining-what-data-syncs

This page also has an example of what happens if you try to write data that doesn’t match the server-side permissions in App Services.

This page hasn’t made it to all of the SDKs yet, so apologies if you haven’t seen it in an SDK you’re working with.
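
An added example, not part of the original thread and not MongoDB's code: a simplified JavaScript model of the point made in the replies above, that the server applies the role's read and write filters regardless of what the client subscribes to. The field names `owner_id` and `shared`, the sample documents, and the helpers `matches`, `syncedView` and `applyWrite` are assumptions for illustration; the role object is a reduced stand-in for a server-side Device Sync rule.

```javascript
// Simplified model of server-side evaluation; NOT the App Services implementation.
// Documents, field names (owner_id, shared) and user ids are constructed samples.
const docs = [
  { _id: 1, owner_id: "alice", title: "alice private", shared: false },
  { _id: 2, owner_id: "bob",   title: "bob private",   shared: false },
  { _id: 3, owner_id: "bob",   title: "bob shared",    shared: true  },
];

// Reduced stand-in for a server-side role: the filters live on the server,
// and %%user.id is expanded there from the authenticated session.
const role = {
  read:  { $or: [{ owner_id: "%%user.id" }, { shared: true }] },
  write: { owner_id: "%%user.id" },
};

// Minimal matcher (hypothetical helper): field equality plus $or.
function matches(filter, doc, user) {
  return Object.entries(filter).every(([key, want]) => {
    if (key === "$or") return want.some((f) => matches(f, doc, user));
    const expected = want === "%%user.id" ? user.id : want;
    return doc[key] === expected;
  });
}

// What syncs down = permitted by the role AND requested by the subscription.
// The subscription can only narrow the permitted set, never widen it.
function syncedView(user, subscription) {
  return docs
    .filter((d) => matches(role.read, d, user))
    .filter(subscription)
    .map((d) => d._id);
}

// A write that falls outside the write filter is not applied on the server.
function applyWrite(user, doc) {
  if (!matches(role.write, doc, user)) {
    return { applied: false, reason: "write not permitted for this user" };
  }
  docs.push(doc);
  return { applied: true };
}

const alice = { id: "alice" };
console.log(syncedView(alice, () => true));                  // [1, 3]: "everything" is still filtered
console.log(syncedView(alice, (d) => d.owner_id === "bob")); // [3]: only bob's shared document
console.log(applyWrite(alice, { _id: 4, owner_id: "bob", title: "not mine", shared: false }));
```
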
