Can you restrict access to a realtime document?

Question

The sample app in the docs loads a file into a document and then very nicely keeps the document synchronized across all instances of the app. Awesome!

I don't understand when a user is allowed access to the realtime document. The load / save to the drive file is clearly regulated by permissions, but it seems that if I have the key to a realtime document I can make whatever changes I like to that document. Another user, who is allowed to save to the drive file, can get evil updates to the realtime doc and might naively save them to the backing file.

I've tested this briefly by removing access to a file and verifying that the blocked user can indeed still change the realtime document even after access to the drive file is blocked.

Does anyone know a way to block updates to the realtime document from someone that doesn't have access to the relatively-offline file?

Additionally, I'd like to give each collaborator private space in the document that other collaborators cannot affect. Does anyone know of plans for per-key permissions like Firebase supports?

Answer 1

Access to a Realtime file is restricted with sharing and permissions rights exactly the same way as regular Drive files. No user can modify it if they do not have access.

You can achieve the private collaborators part by having a separate private file. If this is not what you require, please give additional details.