Realm Flexible Sync Permission

I am struggling to set up permissions for Realm flexible sync. I have four Realms. Two Realms sync only on the “userId”. The other two Realms sync if the “userId” matches or the “sync” field is set to PUBLIC.

{
  "rules": {},
  "defaultRoles": [
    {
      "name": "admin",
      "applyWhen": {
        "%%user.custom_data.isAdmin": true
      },
      "read": true,
      "write": true
    },
    {
      "name": "user",
      "applyWhen": {},
      "read": {
        "$or": [
          {
            "userId": "%%user.id"
          },
          {
            "sync": "PUBLIC"
          }
        ]
      },
      "write": {
        "userId": "%%user.id"
      }
    }
  ]
}

This permission set causes errors since most of the collections don’t have the “sync” field. What is the best way to set up permissions for this, and are there any good guides available? I haven’t found many useful docs or guides.

Hi, when you say you have 4 realms, do you mean you have 4 collections? You are using “defaultRoles”, but there are also “collection-roles” (see here: https://www.mongodb.com/docs/atlas/app-services/sync/data-access-patterns/permissions/#type-specific-and-default-roles)

Therefore, you can set different roles for different collections. Please let me know if I misunderstood you though.

Thanks,
Tyler

I have four Realms and each one has different collections, and they each have different sync queries in the app. I think this is what I need. I can have userId rules in the default and then each collection that needs additional sync permission will have a collection-based rule?
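
The layout discussed in this thread, as an added example that was not posted by either participant: the default roles filter on `userId` only, and a collection-specific entry under `rules` adds the `"sync": "PUBLIC"` read clause for a collection that actually has that field. `ExampleSharedCollection` and the role names `ownerOrPublic` and `owner` are placeholders, and the admin role is repeated inside the collection entry so that it does not rely on the default roles being consulted for that collection.

```json
{
  "rules": {
    "ExampleSharedCollection": [
      {
        "name": "admin",
        "applyWhen": { "%%user.custom_data.isAdmin": true },
        "read": true,
        "write": true
      },
      {
        "name": "ownerOrPublic",
        "applyWhen": {},
        "read": {
          "$or": [
            { "userId": "%%user.id" },
            { "sync": "PUBLIC" }
          ]
        },
        "write": { "userId": "%%user.id" }
      }
    ]
  },
  "defaultRoles": [
    {
      "name": "admin",
      "applyWhen": { "%%user.custom_data.isAdmin": true },
      "read": true,
      "write": true
    },
    {
      "name": "owner",
      "applyWhen": {},
      "read": { "userId": "%%user.id" },
      "write": { "userId": "%%user.id" }
    }
  ]
}
```

Each further collection that carries the `sync` field gets its own entry under `rules` with the same two roles; writes stay restricted to the owner in every case, so a PUBLIC document is readable by other users but not modifiable by them.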