
I am creating a MERN Stack application. I am very confused about access permission to keys in my MongoDB schemas. I came from Firebase, which allowed you to set up node-level read/write access controls in the Firebase rules. Below is an example I wish to achieve.

There are 3 Schemas:

UserSchema : {
    id : id,
    name : String,
    email : String
}

CompanySchema : {
    createdByID : ref : userSchema,
    team : [ref : userSchema],
    Id : id,
    name : String,
    description : String,
}

SubDivisionSchema : {
    createdById : ref : userSchema,
    company : ref : CompanySchema,
    name : String,
    calendar : [Object]
}

The flow that occurs is that a Company hires Users. They then deploy these users to subdivisions. By default all new hires at a company are of role type Team. The owner of the company can elevate their permissions to one of the permissions below.

OWNER , ADMIN , HR , TEAM

Below are what these permissions can do:

Owner : CRUD on Business and CRUD on all subdivisions

Admin : RU on Business and CRUD on all subdivisions

HR : All read and only allowed to update the team on Business and all R and only allowed to update calendar on all subdivisions

Team : Only read on some fields on Business. Only read on subdivision they are assigned to.

I will also have subdivision access levels but if I can just understand how to give key-level access control rather than document-level access control, I think I can work from there.

Thank you!

Michael
In MongoDB, granularity of permissions is only up to collection level; see also https://stackoverflow.com/questions/43545978/how-can-i-implement-field-level-permissions-for-mongodb – v1shva Mar 09 '21 at 04:28

0 Answers
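
One application-layer way to enforce the permission matrix from the question, given the comment's point that MongoDB's own permissions stop at collection level. This is an added example, not code from the thread; the `POLICY` table, the function names, the `assigned` flag and the company fields TEAM may read (`name`, `description`) are assumptions.

```javascript
// Added example, not from the thread. "*" means every field.
// TEAM's readable company fields are an assumption (the question says "some fields").
const POLICY = {
  OWNER: { company:     { create: true, read: "*", update: "*", delete: true },
           subdivision: { create: true, read: "*", update: "*", delete: true } },
  ADMIN: { company:     { read: "*", update: "*" },
           subdivision: { create: true, read: "*", update: "*", delete: true } },
  HR:    { company:     { read: "*", update: ["team"] },
           subdivision: { read: "*", update: ["calendar"] } },
  TEAM:  { company:     { read: ["name", "description"] },
           subdivision: { read: "*", assignedOnly: true } },
};

// Deny by default: unknown roles, resources or actions yield no grant.
const own = (o, k) => (o && Object.hasOwn(o, k) ? o[k] : undefined);
function rule(role, resource, action) {
  const r = own(own(POLICY, role), resource);
  return { grant: own(r, action), assignedOnly: Boolean(own(r, "assignedOnly")) };
}

// Strip a plain-object document down to the fields the role may read.
// Returns null when the role has no read access at all.
function readable(role, resource, doc, ctx = {}) {
  const { grant, assignedOnly } = rule(role, resource, "read");
  if (assignedOnly && !ctx.assigned) return null; // caller decides "assigned"
  if (grant === "*") return { ...doc };
  if (!Array.isArray(grant)) return null;
  return Object.fromEntries(
    grant.filter((k) => Object.hasOwn(doc, k)).map((k) => [k, doc[k]]));
}

// Fields in an update payload that the role may NOT write.
// A non-empty result means reject the request rather than silently trim it.
function deniedUpdateFields(role, resource, patch) {
  const { grant } = rule(role, resource, "update");
  if (grant === "*") return [];
  const allowed = new Set(Array.isArray(grant) ? grant : []);
  return Object.keys(patch).filter((k) => !allowed.has(k));
}

// Document-level create/delete check.
function can(role, resource, action) {
  return rule(role, resource, action).grant === true;
}

// Constructed sample document shaped like CompanySchema in the question.
const sampleCompany = { Id: "c1", createdByID: "u1", team: ["u1", "u2"],
                        name: "Acme", description: "Widgets" };
```

Call `readable` on plain objects (for example the result of a Mongoose `.lean()` query) before sending a response, and reject any update for which `deniedUpdateFields` returns a non-empty list.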