Docs Menu
Docs Home
/ /
Atlas App Services

Secure Your App

On this page

  • Overview
  • Application Users
  • Data Access Permissions
  • App Services Applications with Sync
  • MongoDB Atlas Data Sources
  • Values and Secrets
  • Summary

Atlas App Services provides a variety of security features to protect your data and prevent unauthorized access to your application. This includes things like:

  • Built-in user management

  • Data access permissions

  • Network security features

  • The ability to store and substitute values and secrets

You can secure App Services Apps with built-in user management. With the built-in user management of App Services, only authorized users can access your App. You can delete or disable users, and revoke user sessions. Users can log in with:

You can enable one or more authentication providers in the App Services backend, and then implement them in your client code. You can also link user accounts with client SDKs.

Use App Services data access rules to grant read and write access to data. Apps that use Atlas Device Sync define data access permissions during the process of enabling Device Sync. Apps that do not use Device Sync can link an MongoDB Atlas data source, and define permissions to perform CRUD operations on that data source.

MongoDB data access rules prevent operations where users do not have appropriate permissions. Users who do not meet your data access rules cannot view or modify data.

Atlas Device Sync allows you to define data access rules that determine which users can read or write which data. To learn how to configure these rules, refer to Role-based Permissions.

When you access MongoDB Atlas through App Services, you can define roles that enable users to read and modify data. App Services uses a strict rules system that prevents all operations unless they are explicitly enabled.

When you define a role, you create a set of CRUD permissions that App Services evaluates individually for each document associated with a query. You can set roles to have document-level or field-level access, and you can give roles read or read and write access. App Services blocks requests from roles that do not have permission to search or read data.


When you access MongoDB Atlas through an App with Atlas Device Sync enabled, the permissions you define for Device Sync apply, instead of the role-based permissions you define when you link an MongoDB Atlas data source.

App Services enables you to define values and secrets that you can access or link to from your application. This enables you to remove deployment-specific configuration data and sensitive information from your app's business logic. Instead, you refer to it by name and App Services substitutes the value when executing your request.

  • Built-in user management handles authentication and ensures only logged-in users can access your App.

  • Data access permissions enable you to specify read and write permissions for Atlas Device Sync, linked MongoDB Atlas data sources, and developers building your apps.

  • Network security features enable you to guard against unauthorized access from unknown IP addresses or URLs.

  • Store values and secrets and refer to them by name to remove sensitive information from your business logic.


Data Access Role Examples


Configure Network Security