On this page
Realm enforces dynamic, user-specific read and write permissions to secure the data in each partition. You define permissions with JSON rule expressions that control whether or not a given user has read or write access to the data in a given partition. Realm evaluates a user's permissions every time they open a synced realm.
A user with read permissions for a given partition can view all fields of any object in the corresponding synced realm. Read permissions do not permit a user to modify data.
A user with write permissions for a given partition can modify the value of any field of any object in the corresponding synced realm. Write permissions require read permissions, so any user that can modify data can also view that data before and after it's modified.
You can structure your read and write permission expressions as a set of permission strategies that apply to your partition strategy. The following strategies outline common approaches that you might take to define sync read and write permissions for your app.
You can define global permissions that apply to all users for all partitions. This is, in essence, a choice to not implement user-specific permissions in favor of universal read or write permissions that apply to all users.
To define a global read or write permission, specify a boolean value or a JSON expression that always evaluates to the same boolean value.
This expression always evaluates to
Permissions for Specific Partitions¶
You can define permissions that apply to a specific partition or a groups of partitions by explicitly specifying their partition values.
This expression means that all users have the given access permissions for data with a partition value of
This expression means that all users have the given access permissions for data with any of the specified partition values.
Permissions for Specific Users¶
You can define permissions that apply to a specific user or a group of users by explicitly specifying their ID values.
This expression means that the user with id
This expression means that any user with one of the specified user ID values has the given access permissions for data in any partition.
Permissions Based on User Data¶
You can define permissions that apply to users based on specific data defined in their custom user data document, metadata fields, or other data from an authentication provider.
This expression means that a user has read access to a partition if the partition value is listed in the
This expression means that a user has write access to a partition if the partition value is listed in the
You can define complex dynamic permissions by evaluating a function that returns a boolean value. This is useful for permission schemes that require you to access external systems or other custom logic that you cannot express solely in JSON expressions.
This expression calls the