From ace5ad738768ada7dabe75859401ebf3756e0457 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 10 Jul 2024 13:50:09 -0400 Subject: [PATCH 01/18] DOCSP-35175 Refresh permissions when custom user data changes --- source/users/custom-metadata.txt | 33 ++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index e466908a4..a1e8239da 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -107,6 +107,39 @@ collection. Depending on your use case, you may: standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB driver, or MongoDB Compass. +Modify User Permissions in Custom User Data Documents +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Permissions will automaticlly refresh for a user when you change their custom +user data document. Their :ref:`user session ` +will terminate and then reconnect automatically. For user permissions to refresh +automatically, the custom user data documents should be stored in a normal collection (ref), +not a view (ref) or timeseries collection (ref). + +For permissions to refresh automatically, keep in mind the following when +removing permsisions from a user: + +1. Don't delete a custom user data document. Rather, unset the fields in the document. + + .. example:: + + Say you have the following custom user data document: + + .. code-block:: json + :caption: Need a custom user data document example.??????? + + { + "_id": "63ed2e4fb7f367c92578e526", + "user_id": "63ed2dbe5960df2af7fd216e", + "preferences": { + "preferDarkMode": true + }, + "dateOfBirth": "1989-03-11T00:00:00.000Z" + } + + +2. Don't unset the user ID field. Rather, unset all the non-ID fields. + Secure Custom User Data ~~~~~~~~~~~~~~~~~~~~~~~ From c9241b043f60fe1ae2acb3df48723aa7630794df Mon Sep 17 00:00:00 2001 
From: Lindsey Moore Date: Wed, 10 Jul 2024 14:30:20 -0400 Subject: [PATCH 02/18] add link to permissions docs --- source/users/custom-metadata.txt | 50 ++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index a1e8239da..a3f106612 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt 
@@ -112,33 +112,41 @@ Modify User Permissions in Custom User Data Documents Permissions will automaticlly refresh for a user when you change their custom user data document. Their :ref:`user session ` -will terminate and then reconnect automatically. For user permissions to refresh -automatically, the custom user data documents should be stored in a normal collection (ref), -not a view (ref) or timeseries collection (ref). +will terminate and then reconnect automatically. -For permissions to refresh automatically, keep in mind the following when -removing permsisions from a user: - -1. Don't delete a custom user data document. Rather, unset the fields in the document. +For user permissions to refresh automatically, the custom user data +documents should be stored in a normal collection, +not in a :manual:`view ` or :manual:`time series ` collection. - .. example:: +For permissions to refresh automatically, don't delete a custom user data document. +Rather, unset all the non-ID fields in the document. - Say you have the following custom user data document: +.. example:: - .. code-block:: json - :caption: Need a custom user data document example.??????? + Say you have the following custom user data document: - { - "_id": "63ed2e4fb7f367c92578e526", - "user_id": "63ed2dbe5960df2af7fd216e", - "preferences": { - "preferDarkMode": true - }, - "dateOfBirth": "1989-03-11T00:00:00.000Z" - } - + .. code-block:: json + :caption: Need a custom user data document example?? + + { + "_id": "63ed2e4fb7f367c92578e526", + "user_id": "63ed2dbe5960df2af7fd216e", + "preferences": { + "preferDarkMode": true + }, + "dateOfBirth": "1989-03-11T00:00:00.000Z" + } + + Instead of deleting the document, unset the non-ID fields. The document would + then look like: + + .. code-block:: json + :caption: Need a custom user data document example.??????? -2. Don't unset the user ID field. Rather, unset all the non-ID fields. 
+ { + "_id": "63ed2e4fb7f367c92578e526", + "user_id": "63ed2dbe5960df2af7fd216e" + } Secure Custom User Data ~~~~~~~~~~~~~~~~~~~~~~~ From 1ab65e2bc0c94bc601ed78f5c9f6a5142d5b8c19 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 10 Jul 2024 14:31:12 -0400 Subject: [PATCH 03/18] remaining edits --- source/users/custom-metadata.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index a3f106612..2befd7c39 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -110,8 +110,8 @@ collection. Depending on your use case, you may: Modify User Permissions in Custom User Data Documents ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Permissions will automaticlly refresh for a user when you change their custom -user data document. Their :ref:`user session ` +:ref:`Permissions ` will automaticlly refresh for a user when you +change their custom user data document. Their :ref:`user session ` will terminate and then reconnect automatically. For user permissions to refresh automatically, the custom user data From 05ceb85f85b3eeda84e18eb96e41f9ed0f2684b2 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 16 Jul 2024 17:34:49 -0400 Subject: [PATCH 04/18] better example --- source/users/custom-metadata.txt | 53 ++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 2befd7c39..e7cfdaef1 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt 
@@ -123,30 +123,51 @@ Rather, unset all the non-ID fields in the document. .. example:: - Say you have the following custom user data document: + Consider a collection named ``employees`` where each employee has their own + document stating their level at the company. This collection might have + three roles: Junior, Senior, or Manager. + + Using the ````apply_when`` expression, the role for the employee is based on + the value of the ``level`` field in the employee's custom user data document. + The ``level`` field also has Junior, Senior, or Manager values. For example, + the ``apply_when`` expression for the role of Senior would look like: .. code-block:: json - :caption: Need a custom user data document example?? + :caption: Junior role with apply_when expression { - "_id": "63ed2e4fb7f367c92578e526", - "user_id": "63ed2dbe5960df2af7fd216e", - "preferences": { - "preferDarkMode": true - }, - "dateOfBirth": "1989-03-11T00:00:00.000Z" - } - - Instead of deleting the document, unset the non-ID fields. The document would - then look like: + "name": "Junior" + "apply_when": {"%%user.custom_data.level": "sneior"}, + ... + + } + + Say you you would like to remove the following employee's document + because they no longer work at the company: .. code-block:: json - :caption: Need a custom user data document example.??????? + :caption: Custom user data document { - "_id": "63ed2e4fb7f367c92578e526", - "user_id": "63ed2dbe5960df2af7fd216e" - } + "_id": "63ed2erealobjectid78e526", + "user_id": "63ed2dbe5960df2af7fd216e", + "level": "senior" + } + + First, you need to correctly remove the employee's permissions, by unsetting + the non-ID fields. The document would then look like: + + .. code-block:: json + :caption: Correctly updated custom user data document + + { + "_id": "63ed2erealobjectid78e526", + "user_id": "63ed2dbe5960df2af7fd216e" + } + + Unsetting the non-ID field allows App Services to remove the employee's + permissions, so the employee no longer has access. 
+ You can now safely delete the document if necessary. Secure Custom User Data ~~~~~~~~~~~~~~~~~~~~~~~ From 767dacff862d248fd9d6c76626c4f35278c1a793 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 16 Jul 2024 17:37:42 -0400 Subject: [PATCH 05/18] r=fix formatting --- source/users/custom-metadata.txt | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index e7cfdaef1..ba927893c 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -142,8 +142,8 @@ Rather, unset all the non-ID fields in the document. } - Say you you would like to remove the following employee's document - because they no longer work at the company: + Say you you would like to remove the following employee's document + because they no longer work at the company: .. code-block:: json :caption: Custom user data document 
@@ -154,20 +154,20 @@ Rather, unset all the non-ID fields in the document. "level": "senior" } - First, you need to correctly remove the employee's permissions, by unsetting - the non-ID fields. The document would then look like: + First, you need to correctly remove the employee's permissions, by unsetting + the non-ID fields. The document would then look like: - .. code-block:: json - :caption: Correctly updated custom user data document + .. code-block:: json + :caption: Correctly updated custom user data document - { - "_id": "63ed2erealobjectid78e526", - "user_id": "63ed2dbe5960df2af7fd216e" - } + { + "_id": "63ed2erealobjectid78e526", + "user_id": "63ed2dbe5960df2af7fd216e" + } - Unsetting the non-ID field allows App Services to remove the employee's - permissions, so the employee no longer has access. - You can now safely delete the document if necessary. + Unsetting the non-ID field allows App Services to remove the employee's + permissions, so the employee no longer has access. + You can now safely delete the document if necessary. Secure Custom User Data ~~~~~~~~~~~~~~~~~~~~~~~ From a1c02b9bec5b2a69b0fe385f0b3169d79c96f5b4 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 16 Jul 2024 17:41:22 -0400 Subject: [PATCH 06/18] edit --- source/users/custom-metadata.txt | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index ba927893c..5b6d8a4c1 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt 
@@ -127,9 +127,9 @@ Rather, unset all the non-ID fields in the document. document stating their level at the company. This collection might have three roles: Junior, Senior, or Manager. - Using the ````apply_when`` expression, the role for the employee is based on - the value of the ``level`` field in the employee's custom user data document. - The ``level`` field also has Junior, Senior, or Manager values. For example, + The ``level`` field in the employee's custom user data document also has + Junior, Senior, or Manager values. Using the ``apply_when`` expression, the + role for the employee is based on the value of the ``level`` field. For example, the ``apply_when`` expression for the role of Senior would look like: .. code-block:: json @@ -137,9 +137,8 @@ Rather, unset all the non-ID fields in the document. { "name": "Junior" - "apply_when": {"%%user.custom_data.level": "sneior"}, + "apply_when": {"%%user.custom_data.level": "senior"}, ... - } Say you you would like to remove the following employee's document From 6fbd08763795432383dcd21749b558020ae14297 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 16 Jul 2024 17:48:10 -0400 Subject: [PATCH 07/18] edit --- source/users/custom-metadata.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 5b6d8a4c1..98988708a 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -133,10 +133,10 @@ Rather, unset all the non-ID fields in the document. the ``apply_when`` expression for the role of Senior would look like: .. code-block:: json - :caption: Junior role with apply_when expression + :caption: Senior role with apply_when expression { - "name": "Junior" + "name": "Senior" "apply_when": {"%%user.custom_data.level": "senior"}, ... } From e0e64bca1e7e89d6a9910c5e3603365821de1354 Mon Sep 17 00:00:00 2001 
From: Lindsey Moore Date: Tue, 16 Jul 2024 17:49:18 -0400 Subject: [PATCH 08/18] edit --- source/users/custom-metadata.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 98988708a..7b9d6dcea 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -115,7 +115,7 @@ change their custom user data document. Their :ref:`user session will terminate and then reconnect automatically. For user permissions to refresh automatically, the custom user data -documents should be stored in a normal collection, +documents should be stored in a normal collection and not in a :manual:`view ` or :manual:`time series ` collection. For permissions to refresh automatically, don't delete a custom user data document. From d31fad8349b636dc9cdbd6f6f5a15ada8e79d9fd Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 18 Jul 2024 11:00:43 -0400 Subject: [PATCH 09/18] tech edits --- source/users/custom-metadata.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 7b9d6dcea..36d0cf30d 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -110,7 +110,7 @@ collection. Depending on your use case, you may: Modify User Permissions in Custom User Data Documents ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -:ref:`Permissions ` will automaticlly refresh for a user when you +:ref:`Permissions ` will automatically refresh for a user when you change their custom user data document. Their :ref:`user session ` will terminate and then reconnect automatically. From 92542db42d4dbcaf748c25f394adcdefb9ee8317 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 18 Jul 2024 15:05:48 -0400 Subject: [PATCH 10/18] tech review comments --- source/users/custom-metadata.txt | 39 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 20 deletions(-) 
diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 36d0cf30d..b7452ae28 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt 
@@ -123,36 +123,35 @@ Rather, unset all the non-ID fields in the document. .. example:: - Consider a collection named ``employees`` where each employee has their own - document stating their level at the company. This collection might have - three roles: Junior, Senior, or Manager. - - The ``level`` field in the employee's custom user data document also has - Junior, Senior, or Manager values. Using the ``apply_when`` expression, the - role for the employee is based on the value of the ``level`` field. For example, - the ``apply_when`` expression for the role of Senior would look like: + Consider the following document where the user is assigned read and write + permissions: .. code-block:: json - :caption: Senior role with apply_when expression + :caption: Custom user data document { - "name": "Senior" - "apply_when": {"%%user.custom_data.level": "senior"}, - ... + + "_id": "63ed2erealobjectid78e526", + "user_id": "63ed2dbe5960df2af7fd216e", + "canRead": true, + "canWrite": true, } - Say you you would like to remove the following employee's document - because they no longer work at the company: + The ``canRead`` and ``canWrite`` fields help determine the roles for the collection + this document is in. For example, the ``canRead`` field is used to determine eligibility + for the following ``readAllRole`` in the ``apply_when`` expression: .. code-block:: json :caption: Custom user data document { - "_id": "63ed2erealobjectid78e526", - "user_id": "63ed2dbe5960df2af7fd216e", - "level": "senior" + "name": "readAllRole" + "apply_when": {"%%user.custom_data.canRead": true}, + ... } - + + Say you you would like to remove the user's document + because they haven't been active for an extended period of time. First, you need to correctly remove the employee's permissions, by unsetting the non-ID fields. The document would then look like: 
@@ -164,8 +163,8 @@ Rather, unset all the non-ID fields in the document. "user_id": "63ed2dbe5960df2af7fd216e" } - Unsetting the non-ID field allows App Services to remove the employee's - permissions, so the employee no longer has access. + Unsetting the non-ID field allows App Services to automatically + refresh the user's permissions according to the roles. You can now safely delete the document if necessary. Secure Custom User Data From df8d15e1e2e2211af5f364ef100ad700ef8bc2f0 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 18 Jul 2024 15:11:10 -0400 Subject: [PATCH 11/18] title update --- source/users/custom-metadata.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index b7452ae28..b8e9bc063 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -107,8 +107,8 @@ collection. Depending on your use case, you may: standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB driver, or MongoDB Compass. -Modify User Permissions in Custom User Data Documents -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Best Custom User Data Practices for Automatically Refreshing Permissions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :ref:`Permissions ` will automatically refresh for a user when you change their custom user data document. Their :ref:`user session ` @@ -137,8 +137,8 @@ Rather, unset all the non-ID fields in the document. "canWrite": true, } - The ``canRead`` and ``canWrite`` fields help determine the roles for the collection - this document is in. For example, the ``canRead`` field is used to determine eligibility + The ``canRead`` and ``canWrite`` fields help determine the roles for this document's + collection. For example, the ``canRead`` field is used to determine eligibility for the following ``readAllRole`` in the ``apply_when`` expression: .. code-block:: json 
From 7c7da573e4068b6498ef6892591ed4a0e50891be Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 18 Jul 2024 15:14:01 -0400 Subject: [PATCH 12/18] shorter title --- source/users/custom-metadata.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index b8e9bc063..d0dd8455d 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -107,8 +107,8 @@ collection. Depending on your use case, you may: standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB driver, or MongoDB Compass. -Best Custom User Data Practices for Automatically Refreshing Permissions -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Permissions and Custom User Data +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :ref:`Permissions ` will automatically refresh for a user when you change their custom user data document. Their :ref:`user session ` From 4dee4f82a15ae2b57a9ec88e439e7f1b9f41fe90 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 18 Jul 2024 15:16:42 -0400 Subject: [PATCH 13/18] typo --- source/users/custom-metadata.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index d0dd8455d..7b8ff7ee3 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -150,7 +150,7 @@ Rather, unset all the non-ID fields in the document. ... } - Say you you would like to remove the user's document + Say you would like to remove the user's document because they haven't been active for an extended period of time. First, you need to correctly remove the employee's permissions, by unsetting the non-ID fields. The document would then look like: From 5c5c21f806fac8bb1942f4bd572f720a2064c548 Mon Sep 17 00:00:00 2001 
From: Lindsey Moore Date: Fri, 19 Jul 2024 13:34:08 -0400 Subject: [PATCH 14/18] tech review comments --- source/users/custom-metadata.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 7b8ff7ee3..f8f36b3c6 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -112,7 +112,7 @@ Permissions and Custom User Data :ref:`Permissions ` will automatically refresh for a user when you change their custom user data document. Their :ref:`user session ` -will terminate and then reconnect automatically. +will terminate and then refresh automatically. For user permissions to refresh automatically, the custom user data documents should be stored in a normal collection and @@ -130,14 +130,13 @@ Rather, unset all the non-ID fields in the document. :caption: Custom user data document { - "_id": "63ed2erealobjectid78e526", "user_id": "63ed2dbe5960df2af7fd216e", "canRead": true, "canWrite": true, } - The ``canRead`` and ``canWrite`` fields help determine the roles for this document's + The ``canRead`` and ``canWrite`` fields can help determine the roles for this document's collection. For example, the ``canRead`` field is used to determine eligibility for the following ``readAllRole`` in the ``apply_when`` expression: From d3e2c7464d9cee5131a7d50dc136f76f4269ff5c Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Fri, 19 Jul 2024 17:22:43 -0400 Subject: [PATCH 15/18] title change --- source/users/custom-metadata.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index f8f36b3c6..83595bcd5 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt 
@@ -107,8 +107,8 @@ collection. Depending on your use case, you may: standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB driver, or MongoDB Compass. -Permissions and Custom User Data -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Modify User Permissions in Custom User Data +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :ref:`Permissions ` will automatically refresh for a user when you change their custom user data document. Their :ref:`user session ` From 68caaea485c5edbeb51386992367423d0a431d58 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Fri, 19 Jul 2024 17:52:33 -0400 Subject: [PATCH 16/18] title change --- source/users/custom-metadata.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 83595bcd5..9873da255 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -107,8 +107,8 @@ collection. Depending on your use case, you may: standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB driver, or MongoDB Compass. -Modify User Permissions in Custom User Data -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Best Practices for Modifying Permissions with Custom User Data +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :ref:`Permissions ` will automatically refresh for a user when you change their custom user data document. Their :ref:`user session ` From 385bf3ff0f3ad355877024a3d6fa9046e2229371 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Fri, 19 Jul 2024 17:58:14 -0400 Subject: [PATCH 17/18] placement --- source/users/custom-metadata.txt | 118 +++++++++++++++---------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 9873da255..422f4a784 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt 
@@ -107,65 +107,6 @@ collection. Depending on your use case, you may: standard CRUD operations from a Function, an Atlas Device SDK, a MongoDB driver, or MongoDB Compass. -Best Practices for Modifying Permissions with Custom User Data -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:ref:`Permissions ` will automatically refresh for a user when you -change their custom user data document. Their :ref:`user session ` -will terminate and then refresh automatically. - -For user permissions to refresh automatically, the custom user data -documents should be stored in a normal collection and -not in a :manual:`view ` or :manual:`time series ` collection. - -For permissions to refresh automatically, don't delete a custom user data document. -Rather, unset all the non-ID fields in the document. - -.. example:: - - Consider the following document where the user is assigned read and write - permissions: - - .. code-block:: json - :caption: Custom user data document - - { - "_id": "63ed2erealobjectid78e526", - "user_id": "63ed2dbe5960df2af7fd216e", - "canRead": true, - "canWrite": true, - } - - The ``canRead`` and ``canWrite`` fields can help determine the roles for this document's - collection. For example, the ``canRead`` field is used to determine eligibility - for the following ``readAllRole`` in the ``apply_when`` expression: - - .. code-block:: json - :caption: Custom user data document - - { - "name": "readAllRole" - "apply_when": {"%%user.custom_data.canRead": true}, - ... - } - - Say you would like to remove the user's document - because they haven't been active for an extended period of time. - First, you need to correctly remove the employee's permissions, by unsetting - the non-ID fields. The document would then look like: - - .. 
code-block:: json - :caption: Correctly updated custom user data document - - { - "_id": "63ed2erealobjectid78e526", - "user_id": "63ed2dbe5960df2af7fd216e" - } - - Unsetting the non-ID field allows App Services to automatically - refresh the user's permissions according to the roles. - You can now safely delete the document if necessary. - Secure Custom User Data ~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -449,6 +390,65 @@ Atlas Device SDKs: - :ref:`Swift SDK ` - :ref:`Web SDK ` +Best Practices for Modifying Permissions with Custom User Data +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:ref:`Permissions ` will automatically refresh for a user when you +change their custom user data document. Their :ref:`user session ` +will terminate and then refresh automatically. + +For user permissions to refresh automatically, the custom user data +documents should be stored in a normal collection and +not in a :manual:`view ` or :manual:`time series ` collection. + +For permissions to refresh automatically, don't delete a custom user data document. +Rather, unset all the non-ID fields in the document. + +.. example:: + + Consider the following document where the user is assigned read and write + permissions: + + .. code-block:: json + :caption: Custom user data document + + { + "_id": "63ed2erealobjectid78e526", + "user_id": "63ed2dbe5960df2af7fd216e", + "canRead": true, + "canWrite": true, + } + + The ``canRead`` and ``canWrite`` fields can help determine the roles for this document's + collection. For example, the ``canRead`` field is used to determine eligibility + for the following ``readAllRole`` in the ``apply_when`` expression: + + .. code-block:: json + :caption: Custom user data document + + { + "name": "readAllRole" + "apply_when": {"%%user.custom_data.canRead": true}, + ... + } + + Say you would like to remove the user's document + because they haven't been active for an extended period of time. + First, you need to correctly remove the employee's permissions, by unsetting + the non-ID fields. The document would then look like: + + .. code-block:: json + :caption: Correctly updated custom user data document + + { + "_id": "63ed2erealobjectid78e526", + "user_id": "63ed2dbe5960df2af7fd216e" + } + + Unsetting the non-ID field allows App Services to automatically + refresh the user's permissions according to the roles. 
+ You can now safely delete the document if necessary. + .. _auth-provider-metadata: Authentication Provider Metadata From 68b33841492c256986f4055714b8843cefc87e7a Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Fri, 19 Jul 2024 18:00:35 -0400 Subject: [PATCH 18/18] title --- source/users/custom-metadata.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/users/custom-metadata.txt b/source/users/custom-metadata.txt index 422f4a784..81c58eeb7 100644 --- a/source/users/custom-metadata.txt +++ b/source/users/custom-metadata.txt @@ -390,7 +390,7 @@ Atlas Device SDKs: - :ref:`Swift SDK ` - :ref:`Web SDK ` -Best Practices for Modifying Permissions with Custom User Data +Best Practices for Modifying Permissions in Custom User Data ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :ref:`Permissions ` will automatically refresh for a user when you
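
Review bot: PATCH 02/18, in the rewritten paragraph "For permissions to refresh automatically, don't delete a custom user data document": the text gives the rule but not the consequence. A reader revoking access needs to know what state the user is left in if the document is deleted while the permission fields are still set. State that outcome in one sentence next to the rule, since this paragraph is the only place the section explains how to take permissions away.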
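
Review bot: PATCH 04/18, both "Custom user data document" blocks: the ``_id`` value ``63ed2erealobjectid78e526`` reads as a leftover placeholder and contains non-hex characters, where PATCH 01/18 used ``63ed2e4fb7f367c92578e526``. Restore the earlier value or another well-formed one. The placeholder is still present in the section as re-added by PATCH 17/18.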
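
Review bot: PATCH 10/18, first hunk (@@ -123,36 +123,35): neither block is valid JSON although both are tagged ``.. code-block:: json``. The document ends with ``"canWrite": true,`` (trailing comma), and the role has no comma after ``"name": "readAllRole"`` and ends in a bare ``...``. Drop the trailing comma, add the missing one, and either remove the elision or move it into surrounding prose. The role block also keeps the caption "Custom user data document" from the block it replaced; caption it as the role. The context sentence "remove the employee's permissions" no longer matches the example, which now talks about a user.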
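
Review bot: PATCH 10/18, second hunk (@@ -164,8 +163,8): "You can now safely delete the document" does not say when "now" is. The section says the session terminates and refreshes after the change, so say whether the delete has to wait for that refresh, or whether it can follow the unset immediately. Also "Unsetting the non-ID field" should be plural: the example unsets both ``canRead`` and ``canWrite``.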
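
Review bot: PATCH 17/18, second hunk (@@ -390,6 +449,65): the relocated section is added without a reference target, while the section right after it has ``.. _auth-provider-metadata:``. Add a label above the new heading so other pages can link to the revocation guidance with ``:ref:``. The move also takes this section away from "Secure Custom User Data", which it used to precede; a cross-reference from that section would keep the two discoverable together.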
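
Review bot: PATCH 18/18: the title loses two characters ("with" becomes "in") but the ``~`` underline stays as an unchanged context line, so it is now longer than the title. reStructuredText accepts that, but every earlier title change in this series (11/18, 12/18, 15/18, 16/18) resized the underline to match; do the same here.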