[SERVER-33822] Allow public collections with enabled authentication Created: 12/Mar/18 Updated: 23/Apr/18 Resolved: 16/Mar/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | NOVALUE Mitar | Assignee: | Kelsey Schubert |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
One use case we are looking into is exposing one collection publicly (read-only) on the Internet, Instead of providing a custom API middleware to access it, we are pretty happy with providing directly the mongo language and access to all the data in the collection. But it seems this is not possible if we also want private collections at the same time (to keep data for the rest of the app logic, like permissions and authentication for users who can modify this public data). So I would like to request a way to assign a role to an unauthenticated user. |
| Comments |
| Comment by NOVALUE Mitar [ 17/Mar/18 ] |
|
You referenced this same issue in the comment above? Did you plan to reference some other issue? What I am trying to achieve is a low latency API. My experimentation showed that having a middleware has a problem that deserialization from BSON and then serialization to JSON for sending over regular APIs have a non-negligible cost. I an not sure if Stitch does here something smarter? But it seems Stitch is a cloud service, not software we could run ourselves? |
| Comment by Kelsey Schubert [ 16/Mar/18 ] |
|
Hi mitar, This behavior seems best to implement at the api level. As an alternative to a custom api, I'd suggest taking a look at MongoDB Stitch, which provides a solution to this use-case and would also address the use-case you raised in Kind regards, |