Docs Menu

MongoDB Data Source Configuration Files

On this page

  • Service Configuration
  • MongoDB Clusters
  • MongoDB Data Lakes
  • Databases & Collections
  • Collection Schema
  • Relationships
  • Collection Rules
app/
└── data_sources/
└── <service name>/
├── config.json
└── <database>/
└── <collection>/
├── schema.json
├── relationships.json
└── rules.json
config.json
{
"name": "<Service Name>",
"type": "mongodb-atlas",
"config": {
"clusterName": "<Atlas Cluster Name>",
"readPreference": "<Read Preference>",
"wireProtocolEnabled": <Boolean>
}
}
Field
Description
name
String

Required. Default: mongodb-atlas

The service name used to refer to the cluster within this Realm app. The name may be at most 64 characters long and must only contain ASCII letters, numbers, underscores, and hyphens.

type
String
Required. For MongoDB Atlas clusters, this value is always "mongodb-atlas".
config.clusterName
String
Required. The name of the cluster in Atlas.
config.readPreference
String

The read preference mode for queries sent through the service.

Mode
Description
Realm routes all read operations to the current replica set primary node. This is the default read preference mode.
Realm routes all read operations to the current replica set primary node if it's available. If the primary is unavailable, such as during an automatic failover, read requests are routed to a secondary node instead.
Realm routes all read operations to one of the current replica set secondary nodes.
Realm routes all read operations to one of the replica set's available secondary nodes. If no secondary is available, read requests are routed to the replica set primary instead.
Realm routes read operations to the replica set member that has the lowest network latency relative to the client.
config.wireProtocolEnabled
Boolean
/data_sources/<Service Name>/config.json
{
"name": "<Service Name>",
"type": "datalake",
"config": {
"dataLakeName": "<Data Lake>"
}
}
Field
Description
name
String

Required. Default: mongodb-datalake

The service name used to refer to the data lake within this Realm app. The name may be at most 64 characters long and must only contain ASCII letters, numbers, underscores, and hyphens.

type
String
Required. For MongoDB Atlas data lakes, this value is always "datalake".
config.dataLakeName
String
Required. The name of the data lake in Atlas.

If you want to enforce a document schema for a collection, you can define a schema.json configuration file that contains a JSON schema for the documents. The root level schema must be an object schema, which has the following form:

/data_sources/<service>/<database>/<collection>/schema.json
{
"title": "<Object Type Name>",
"bsonType": "object",
"properties": {
"<Property Name>": { <Schema> },
...
}
}
/data_sources/<service>/<database>/<collection>/relationships.json
{
"<Source Field Name>": {
"ref": "#/relationship/<Data Source Name>/<Database Name>/<Collection Name>",
"source_key": "<Source Field Name>",
"foreign_key": "<Foreign Field Name>",
"is_list": <Boolean>
},
...
}
Field
Description
ref
String

A JSON schema $ref string that specifies the foreign collection. The string has the following form:

#/relationship/<Data Source Name>/<Database Name>/<Collection Name>
source_key
String
The name of the field in this collection's schema that specifies which documents in the foreign collection to include in the relationship. A foreign document is included if source_key contains the value of its foreign_key field.
foreign_key
String
The name of the field in the foreign collection's schema that contains the value referenced by source_key.
is_list
Boolean

If true, the relationship may refer to multiple foreign documents (i.e. a "to-many" relationship). The source_key field must be an array with elements of the same type as the foreign_key field.

If false, the relationship may refer to zero or one foreign documents (i.e. a "to-one" relationship). The source_key field must be the same type as the foreign_key field.

Example

An ecommerce app defines a relationship between two collections: each document in store.orders references one or more documents in the store.items collection by including item _id values in the order's items array. Both collection are in the same linked cluster (mongodb-atlas) and database (store).

The relationship is defined for the orders collection:

/data_sources/mongodb-atlas/store/orders/relationships.json
{
"items": {
"ref": "#/relationship/mongodb-atlas/store/items",
"source_key": "items",
"foreign_key": "_id",
"is_list": true
}
}

If the data source is not a synced cluster or a data lake, then you can define collection-level rules in a collection's rules.json configuration file.

/data_sources/<service>/<database>/<collection>/rules.json
{
"database": "<Database Name>",
"collection": "<Collection Name>",
"roles": [<Query Role>],
"filters": [<Query Filter>]
}
Field
Description
database
String
The name of the database that holds the collection.
collection
String
The name of the collection.
roles
Array<Document>

An array of query role configuration documents, which have the following form:

{
"name": "<Role Name>",
"apply_when": <JSON Expression>,
"insert": <Boolean|JSON Expression>,
"delete": <Boolean|JSON Expression>,
"read": <Boolean|JSON Expression>,
"write": <Boolean|JSON Expression>,
"search": <Boolean|JSON Expression>,
"fields": {
"<Field Name>": {
"read": <Boolean|JSON Expression>,
"write": <Boolean|JSON Expression>,
"fields": <Fields Document>
},
...
},
"additional_fields": {
"read": <Boolean|JSON Expression>,
"write": <Boolean|JSON Expression>
},
}
Field
Description
name
String
The name of the role. Role names are useful for identifying and distinguishing between roles. Limited to 100 characters or fewer.
apply_when
Document
A JSON Expression that evaluates to true when this role should be applied.
read
Boolean or Document
Default: false

A boolean or JSON Expression that evaluates to true if the role has permission to read all fields in the document.

Document-level read permissions take priority over any field-level permissions. If a role has a document-level read rule, it applies to all fields in the document and cannot be overridden. To define specific field-level rules with a default fallback, use additional_fields instead.

write
Boolean or Document
Default: false

A boolean or JSON Expression that evaluates to true if the role has permission to add, modify, or remove all fields in the document.

Document-level write permissions take priority over any field-level permissions. If a role has a document-level write rule, it applies to all fields in the document and cannot be overridden. To define specific field-level rules with a default fallback, use additional_fields instead.

Important
Implicit Read Permission

Any time a role has write permission for a particular scope it also has read permission even if that is not explicitly defined.

Note
MongoDB Expansions

You can use MongoDB expansions, like %%root and %%prevRoot, in write JSON expressions.

insert
Boolean or Document
Default: true

A boolean or JSON Expression that evaluates to true if the role has permission to insert a new document into the collection.

Note

Document-level insert permission does not imply that a role can insert any document. The role must also have write permission for all fields in an inserted document for the insert to succeed.

delete
Boolean or Document
Default: true
A boolean or JSON Expression that evaluates to true if the role has permission to delete a document from the collection.
search
Boolean or Document
Default: true

A boolean or JSON Expression that evaluates to true if the role has permission to search the collection using Atlas Search.

Important

Realm performs $search operations as a system user and enforces field-level rules on the returned search results. This means that a user may search on a field for which they do not have read access. In this case, the search is based on the specified field but no returned documents include the field.

fields
Document
Default: {}

A document where the value of each field defines the role's field-level read and write permissions for the corresponding field in a queried document.

"fields": {
"<Field Name>": {
"read": <Boolean|JSON Expression>,
"write": <Boolean|JSON Expression>,
"fields": <Fields Document>
},
...
}
Note
Permission Priority

Document-level read or write permissions override all field-level permissions of the same type. If permissions are defined for a field that contains an embedded document, those permissions override any permissions defined for the document's embedded fields.

fields.<Field Name>.read
Boolean or Document
Default: false
A boolean or JSON Expression that evaluates to true if the role has permission to read the field.
fields.<Field Name>.write
Boolean or Document
Default: false
A boolean or JSON Expression that evaluates to true if the role has permission to add, modify, or remove the field.
fields.<Field Name>.fields
Document
Default: {}

A fields document that defines read and write permissions for fields that are embedded within this field in a queried document.

See the Field-level Permissions for Embedded Documents role pattern for more information.

additional_fields
Document
Default: {}

A document that defines the role's field-level read and write permissions for any fields in a queried document that don't have explicitly defined permissions.

"additional_fields": {
"read": <Boolean|JSON Expression>,
"write": <Boolean|JSON Expression>
}
additional_fields.read
Boolean or Document
Default: false
A boolean or JSON Expression that evaluates to true if the role has permission to read any field that does not have a field-level permission definition.
additional_fields.write
Boolean or Document
Default: false
A boolean or JSON Expression that evaluates to true if the role has permission to add, modify, or remove any field that does not have a field-level permission definition.
filters
Array<Document>

An array of query filter configuration documents, which have the following form:

{
"name": "<Filter Name>",
"apply_when": <JSON Expression>,
"query": <Query Document>,
"projection": <Projection Document>
}
Field
Description
name
String
Required. The name of the filter. Filter names are useful for identifying and distinguishing between filters. Limited to 100 characters or fewer.
apply_when

Required. A JSON expression that determines when this filter applies to a given query.

Important

MongoDB Realm evaluates and applies filters before it reads any documents, so you cannot use MongoDB document expansions in a filter's Apply When expression. However, you can use other expression variables, such as %%user, %%values, and %function.

query
Document

Required. A MongoDB query filter that contains additional query predicates to merge into incoming queries that the filter applies to.

Example

A filter that withholds documents that have a score below 20 could use the following filter query:

{ "score": { "$gt": 20 } }
projection
Document

Required. A MongoDB projection document that specifies additional field projections to merge into incoming queries that the filter applies to.

Important
Projection Conflicts

MongoDB projections can be either inclusive or exclusive, i.e. they can either return only specified fields or withhold fields that are not specified. If multiple filters apply to a query, the filters must all specify the same type of projection, or the query will fail.

Example

A filter that withholds the _internal field from all documents could use the following filter projection:

{ "_internal": 0 }
Give Feedback
© 2021 MongoDB, Inc.

About

  • Careers
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2021 MongoDB, Inc.