Navigation

Delete or Prevent Users From Accessing a Realm Application

Delete or Disable a User

There may be a situation when you need to disable or completely remove a user from your Realm app. To do so, use the following procedure:

  1. Select Users from the left-hand navigation.
  2. Select either Confirmed or Pending, depending on the current state of the user you wish to delete.
  3. Under the Users tab, find a user in the list and click on the ellipsis (...).
  4. Choose either Disable User or Delete User. Both options invalidate all access tokens and refresh tokens for the user, and the user can no longer log in. Delete User also removes the account from your Realm app. Users who are not yet confirmed cannot be disabled, only deleted.

Note

Deleting a user will not automatically delete any data in your linked MongoDB Atlas cluster that you have associated with that user. For example, if you have a todo_items collection with an "owner_id" field, deleting a user will not automatically delete all of their To-Do items. You will need to manually remove those documents from your database if you want to remove all traces of that user fully.

Revoke a User’s Sessions

Situations may arise where you need to log a particular user out of all of their sessions and prevent them from making further requests until they reauthenticate. The Realm admin console makes this a straightforward process.

Use the following procedure to revoke all the sessions for a particular user:

  1. Select Users from the left-side navigation.
  2. Under the Users tab, find a user in the list and click on the ellipsis (...).
  3. Click Revoke all sessions. This invalidates all access tokens and refresh tokens for that user, meaning that to perform any further requests in any of their sessions, users will need to reauthenticate.

Summary

  • You can delete or disable Realm app users through the Realm UI.
  • You can log out Realm app users from all of their sessions through the Realm admin console.