Define Sync Permissions¶
Sync permissions determine a given user's read and write access to a specific partition. When a user opens a synced realm instance, Realm dynamically determines the user's permissions for the underlying partition based on Sync rules that you define.
You can structure your read and write permission expressions as a set of permission strategies that apply to the different partition strategies in your data model.
The following strategies outline common approaches that you might take to define sync read and write permissions for your app.
You can define global permissions that apply to all users for all partitions. To define a global read or write permission, specify a boolean value or a JSON expression that always evaluates to the same boolean value.
This expression always evaluates to
Permissions for Specific Partitions¶
You can define permissions that apply to a specific partition or a groups of partitions by explicitly specifying their partition values.
This expression means that all users have the given access permissions for data with a partition value of
This expression means that all users have the given access permissions for data with any of the specified partition values.
Permissions for Specific Users¶
You can define permissions that apply to a specific user or a group of users by explicitly specifying their ID values.
This expression means that the user with id
This expression means that any user with one of the specified user ID values has the given access permissions for data in any partition.
Permissions Based on User Data¶
You can define permissions that apply to users based on specific data defined in their custom user data document, metadata fields, or other data from an authentication provider.
This expression means that a user has read access to a partition if the partition value is listed in the
This expression means that a user has write access to a partition if the partition value is listed in the
You can define complex dynamic permissions by evaluating a function that returns a boolean value. This is useful for permission schemes that require you to access external systems or other custom logic that you cannot express solely in JSON expressions.
This expression calls the