Atlas App Services uses a strict rules system that prevents all operations unless they are specifically allowed. App Services determines if each operation is allowed dynamically when it receives the request from the client based on roles that you define.
Roles are sets of document-level and field-level CRUD permissions and are chosen individually for each document associated with a query. This guide walks through configuring one or more roles for a collection.
You must define at least one role before you can successfully query a collection.
This page describes data access rules for clusters where Atlas Device Sync is not enabled. Synced clusters use a different rules model, which takes precedence over non-sync rules. If sync is enabled for a cluster, any non-sync rules defined for the cluster do not apply.
For more information on data access rules for synced clusters, see Sync Rules and Permissions.