Delete or Prevent Users From Accessing a Realm Application¶
Delete or Disable a User¶
There may be a situation when you need to disable or completely remove a user from your Realm app. To do so, use the following procedure:
- Select App Users from the left navigation menu.
- Select either Confirmed or Pending, depending on the current state of the user you wish to delete.
- Under the Users tab, find a user in the list and click on
the ellipsis (
...
). - Choose either Disable User or Delete User. Both options invalidate all access tokens and refresh tokens for the user, and the user can no longer log in. Delete User also removes the account from your Realm app. Users who are not yet confirmed cannot be disabled, only deleted.
Deleting a user will not automatically delete any data in your
linked MongoDB Atlas cluster that you have
associated with that user. For example, if you have a todo_items
collection with an "owner_id"
field, deleting a user will not
automatically delete all of their To-Do items. You will need to
manually remove those documents from your database if you want to
remove all traces of that user fully.
Revoke a User's Sessions¶
Situations may arise where you need to log a particular user out of all of their sessions and prevent them from making further requests until they reauthenticate. The Realm admin console makes this a straightforward process.
Use the following procedure to revoke all the sessions for a particular user:
- Select App Users from the left navigation menu.
- Under the Users tab, find a user in the list and click on the ellipsis (
...
). - Click Revoke all sessions. This invalidates all access tokens and refresh tokens for that user, meaning that to perform any further requests in any of their sessions, users will need to reauthenticate.
Summary¶
- You can delete or disable Realm app users through the Realm UI.
- You can log out Realm app users from all of their sessions through the Realm admin console.