MongoDB.live, free & fully virtual. June 9th - 10th. Register Now MongoDB.live, free & fully virtual. June 9th - 10th. Register Now

User ownership of objects in a shared realm?

:wave: Hey, I’m researching Realm for a new project and I’m not quite sure I fully understand some architecture / security points of the system.

In many situations when storing data in any team or multi-user scenario I wish to also store a related user along with said data - the easy example being a real-time chat application in which you need to see which user sent which message.

I don’t see any obvious way using Realm to prevent a malicious user from connecting to the database with their credentials and inserting data impersonating another user. Perhaps I’m missing something or I don’t fully understand Realm’s architecture? If anyone can direct me to the correct solution for keeping user-data and object ownership secure that would be really great.

1 Like

I have the same question so many times over. With query based sync and object level permissions, which word is they are deprecating for full sync, everything seems possible.

I don’t know how to architect a system with full sync in any way that makes sense.