Define Sync Rules

On this page

MongoDB Realm enforces data access rules for all requests to a synced cluster. Sync rules are dynamic JSON expressions that specify a given user's ability to view and modify data in a synced partition.

Whenever a user opens a synced realm from a client app, Realm evaluates your app's rules and determines if the user has read and write permissions for the partition. Users must have read permission to sync and read data in a realm and must have write permission to create, modify, or delete objects. Write permission implies read permission, so if a user has write permission then they also have read permission.

Non-Sync Rules

This page describes data access rules for synced clusters. Non-synced cluster use a different rules model that sync rules override. If sync is enabled for a cluster, any non-sync rules defined for the cluster do not apply.

If your app does not use sync, check out MongoDB Collection Rules for more information on rules for non-synced clusters.

Sync rules apply to specific partitions and are coupled to your app's data model by the partition key. Consider the following behavior when designing your schemas to ensure that you have appropriate data access granularity and don't accidentally leak sensitive information.

  • Sync rules apply dynamically based on the user. One user may have full read & write access to a partition while another user has only read permissions or is unable to access the partition entirely. You control these permissions by defining JSON expressions.
  • Sync rules apply equally to all objects in a partition. If a user has read or write permission for a given partition then they can read or modify all synced fields of any object in the partition.
  • Write permissions require read permissions, so a user with write access to a partition also has read access regardless of the defined read permission rules.

You must define at least one valid schema for a collection in the synced cluster before you can define sync rules and enable sync.

At minimum, the schema must define _id and the field that you intend to use as your partition key. A partition key field may be a string, integer, or objectId.

For more details on how to define a schema, see Enforce a Document Schema.

  • Sync rules allow you to control who can read and write data in a given realm.
  • You can define rules in the Realm UI or by importing them with Realm CLI.
Give Feedback

On this page