Skip to content

DOCSP-35175 Refresh permissions when custom user data changes #796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Jul 19, 2024
Merged

DOCSP-35175 Refresh permissions when custom user data changes #796

Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
ace5ad7
DOCSP-35175 Refresh permissions when custom user data changes
lindseymoore Jul 10, 2024
c9241b0
add link to permssions docs
lindseymoore Jul 10, 2024
1ab65e2
remaining edits
lindseymoore Jul 10, 2024
05ceb85
better example
lindseymoore Jul 16, 2024
767dacf
r=fix formatting
lindseymoore Jul 16, 2024
a1c02b9
edit
lindseymoore Jul 16, 2024
6fbd087
edit
lindseymoore Jul 16, 2024
e0e64bc
edit
lindseymoore Jul 16, 2024
d31fad8
tech edits
lindseymoore Jul 18, 2024
92542db
tech review comments
lindseymoore Jul 18, 2024
df8d15e
title update
lindseymoore Jul 18, 2024
7c7da57
shorter title
lindseymoore Jul 18, 2024
4dee4f8
typo
lindseymoore Jul 18, 2024
5c5c21f
tech review comments
lindseymoore Jul 19, 2024
d3e2c74
title change
lindseymoore Jul 19, 2024
68caaea
title change
lindseymoore Jul 19, 2024
385bf3f
placement
lindseymoore Jul 19, 2024
68b3384
title
lindseymoore Jul 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 59 additions & 0 deletions source/users/custom-metadata.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,65 @@ Atlas Device SDKs:
- :ref:`Swift SDK <ios-custom-user-data>`
- :ref:`Web SDK <web-access-custom-user-data>`

Best Practices for Modifying Permissions in Custom User Data
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:ref:`Permissions <permissions>` will automatically refresh for a user when you
change their custom user data document. Their :ref:`user session <user-sessions>`
will terminate and then refresh automatically.

For user permissions to refresh automatically, the custom user data
documents should be stored in a normal collection and
not in a :manual:`view </core/views/>` or :manual:`time series </core/timeseries-collections/>` collection.

For permissions to refresh automatically, don't delete a custom user data document.
Rather, unset all the non-ID fields in the document.

.. example::

Consider the following document where the user is assigned read and write
permissions:

.. code-block:: json
:caption: Custom user data document

{
"_id": "63ed2erealobjectid78e526",
"user_id": "63ed2dbe5960df2af7fd216e",
"canRead": true,
"canWrite": true,
}

The ``canRead`` and ``canWrite`` fields can help determine the roles for this document's
collection. For example, the ``canRead`` field is used to determine eligibility
for the following ``readAllRole`` in the ``apply_when`` expression:

.. code-block:: json
:caption: Custom user data document

{
"name": "readAllRole"
"apply_when": {"%%user.custom_data.canRead": true},
...
}

Say you would like to remove the user's document
because they haven't been active for an extended period of time.
First, you need to correctly remove the employee's permissions, by unsetting
the non-ID fields. The document would then look like:

.. code-block:: json
:caption: Correctly updated custom user data document

{
"_id": "63ed2erealobjectid78e526",
"user_id": "63ed2dbe5960df2af7fd216e"
}

Unsetting the non-ID field allows App Services to automatically
refresh the user's permissions according to the roles.
You can now safely delete the document if necessary.

.. _auth-provider-metadata:

Authentication Provider Metadata
Expand Down