Security in my Project

Why can’t support raise the limit through chat?

I am not in the support team so I don’t know.

What is the cluster size you are using? Maybe you can buy temporary support for cases…

Btw why do you need so many users?? Whats the reason to handle this messy amount?

Also why can’t you use 3-4 projects to host all the users?

My cluster in the moment is a M2.

I have a Node.JS app on my clients that send information to a Mongo database. Each customer has their own database and cannot see each other, hence the need for database users. More details at: database-users/129721

Once sent, this data is viewed by a mobile application (React Native). Each user enters their email and password (Realm authentication) and views their respective database. The mobile app points to this project ID, it would be unfeasible for me to have 4 apps in the PlayStore doing the same thing and pointing to different project IDs.

Yea M2 is a shared tier for small applications

It can only have 100 database and 500 collections.

I am not sure if more than 100 users is allowed now or not but definitely you must have dedicated clusters if you need limitations increase otherwise those tiers are limited by design and there is nothing that can be done…

If you use realm as your data access why not to use realm users and rules

Having this amount of databases and collections is just not scalable and unadvised for any app design

I knew this, getting close to 100, I will upgrade to M10.

Tried but couldn’t because of BulkWrite. Would you help me? More details at: Alternative to limiting Database Users

Having this amount of databases and collections is just not scalable and unadvised for any app design

Customers use this mobile app to view their information, so I created a database for each one. What would be the recommended design? A single database and all collections separated by permission?

I would go for one database and maybe even one collection with owner_id indexed and mapped to each tenant/realm user.

You can base you roles and rules on it.

So instead of having, for example, 100 databases each with 3 collections, giving a total of 300 collections, would I just have 1 database with 3 collections and store everything there?

The difference would be that in each document I would have an owner_id field that would identify its owner by the user id?

Yes exactly. And you define the schema rules in realm to allow reading and writing only to specific owners .

“Users can only read and write their own data”

Cool … For each user I have a database, in each one I have 3 collections (customers, products and sales). I will then save ALL documents from ALL users in each of the collections, tagging each document with its unique user ID.

But there’s a problem… For example, let’s say the sales collection has 1,000,000 documents from 100 different users. So user A (who has only 2000 documents) performs a search, won’t he be slowed down by other people’s documents (998,000)?

I don’t know what it’s like in MongoDB in this case, but in traditional databases (MySQL, SQL, etc) it would be slow.


If you index the owner id field it will be the same as accessing a separate collection.

The index access is cheap if the portion of data search is high cardinality…

1 Like

Cool, thank you…

One question: what is “high cardinality”?

Another question… I put my owner_id as an integer. Would it be better if it was ObjectId?

High cardinality means the amount of data filtered is thin compare to overall of data.

The type of the field depand on your logic. If you use the authenticated users ids to do this I suppose its objectId by realm…

1 Like

but in terms of speed, can i use integer or objectId? would it be the same performance?

@Bruno_Nobre ,

I can not say without perf testing your specific app. You need to do a type that distinguish your users.

Usually I would use the user object and its id property from the logged in realm user User.Id. I think its based on ObjectId represented as a string.


I understand. But in my collection, each document belongs to a GROUP of registered users with email / password and not just one user.

So what I did was this, I put in each document an entire field called groupID and associated it with the groupID field I created for each user in the custom data. For example, user1 and user2 have groupID 1. User3 and user4 have groupID2 and so on.

The groupID is working correctly as an integer. If I put it as ObjectID, would it be better? I tried to test it, but I couldn’t generate a field with this type via NodeJS.