DOCSP-35175 Refresh permissions when custom user data changes

[lindseymoore]

Pull Request Info

Jira ticket: https://jira.mongodb.org/browse/DOCSP-35175

• Define Custom User Metadata: Add new section on editing permissions in custom user data documents

Reminder Checklist

Before merging your PR, make sure to check a few things.

• Did you tag pages appropriately?
  • genre
  • programming_language
  • meta.keywords
  • meta.description
• Describe your PR's changes in the Release Notes section
• Create a Jira ticket for related docs-realm work, if any

Release Notes

Authenticate and Manage Users

• Define User Metadata: Create a new section on updating permissions using custom user data.

Review Guidelines

REVIEWING.md

[netlify]

✅ Deploy Preview for app-services ready!

Name	Link
🔨 Latest commit	d31fad8
🔍 Latest deploy log	https://app.netlify.com/sites/app-services/deploys/66992e2773d63e00083b4cf1
😎 Deploy Preview	https://deploy-preview-796--app-services.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[samuel-ping]

This is looking really good so far! I think I wasn't completely clear when explaining some things to you, that's definitely on me- the comments I left should address those.

I think an overarching idea is that on their own, custom user data documents don't do anything. They are just extra fields of information you can store for a user. You can reference custom user data in your roles, and the way your roles are set up will determine the permissions for a user.

Let me know if you have any more questions about anything!

[samuel-ping]

There's a slight detail where if you delete the document instead of unsetting the field, we just won't automatically update the employee's permissions. The permissions would still be updated if the end user closes and re-opens their app, for example.

Also, deleting the custom user data document doesn't necessarily mean that the employee's permissions are removed, as they could still have some permissions if the developer has a role set up with an empty apply_when expression as a catch-all.

[samuel-ping]

I think a more apt title might be along the lines of "Best Custom User Data Practices for Automatic Refreshing Permissions"

Reason being, I feel like the current title gives the idea that custom user data documents alone can set permissions, when in reality its all dependent on the roles the developer has set up.

[lindseymoore]

Simplified to Permissions and Custom User Data. I can workshop the title with copy reviewer, thanks!

[samuel-ping]

Also I know I provided you with the current example, but I actually think it would make sense to simplify the example to just the example provided in the Jira ticket. So for example with the following custom user data document:

{
   "_id": "63ed2erealobjectid78e526",
    "user_id": "63ed2dbe5960df2af7fd216e",
    "canRead": true,
    "canWrite": true,
}

If you wanted to remove this user's document and have the resulting permissions be automatically reflected for the user's sessions, you should first unset all of their non-ID fields. After that change, the above document would become:

{
   "_id": "63ed2erealobjectid78e526",
    "user_id": "63ed2dbe5960df2af7fd216e",
}

and the user's permissions will automatically refresh according to the roles. After that you can safely delete the custom user data document if you wish.

[netlify]

✅ Deploy Preview for app-services ready!

Name	Link
🔨 Latest commit	68b3384
🔍 Latest deploy log	https://app.netlify.com/sites/app-services/deploys/669ae20bb552fa0008a18950
😎 Deploy Preview	https://deploy-preview-796--app-services.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 33 Accessibility: 85 Best Practices: 75 SEO: 62 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[samuel-ping]

Everything looks good technically! I just left a couple of super nitpicky optional nitpicks, but I'll leave it up to you to decide whether you want to make the changes.

[cbullinger]

one suggestion, but otherwise lgtm!

[cbullinger]

Suggested change

	Permissions and Custom User Data
	Refresh User Permissions for Custom User Data

can't think of a better wording, but this is more about refreshing permissions, right?

[docs-builder-bot]

✨ Staging URL: https://preview-mongodbmongodb.gatsbyjs.io/atlas-app-services/master/

🪵 Logs

• job log: 24699713599c94fd9e413180cc1e4dc9412c775b