Navigation

MongoDB Rules

Overview

When MongoDB Stitch accesses a MongoDB collection, it first evaluates any Rules and Filters that have been applied to the collection. Rules control read and write access to specific fields or entire documents, while filters determine which content is returned from a query.

Rules, Roles, and Permissions

A rule is a combination of a role and the permissions assigned to that role.

During each query to MongoDB, Stitch selects a single role as the one that is applied to the returned data set. To choose a role for the querying user, Stitch iterates through the list of roles associated with the collection, in the order you have specified, and selects the first role it finds where the apply_when condition evaluates to true.

When a role’s apply_when evaluates to true, Stitch evaluates each document that is returned against the role’s permissions; if no role’s apply_when evaluates to true, access is denied.

To learn more about Roles and Permissions, see MongoDB Roles and Permissions. To learn how to add a role to a collection, see Add MongoDB to Your Stitch App.

MongoDB Authorization

Stitch rules do not override the read and write access (i.e. authorization) that may have been set up separately in MongoDB. That is, Stitch rules determine whether a document, or specific fields in that document, are readable or writable; not whether the client has authorization to read or write to a particular database or collection.

Filters

Filters are similar to rules, but are applied prior to Stitch calling MongoDB, and can thus be used for both redaction of data and for performance improvements. Filters are applied to the query predicates.

To learn more about filters, see MongoDB Filters.

Validation

Collection rules can also be used to ensure that data is valid by comparing it to schema validation guidelines.

To learn more about validation, see MongoDB Schema Validation.