ductran

Reputation: 10203

Row level security in Azure Cosmos DB

I have a Cosmos DB system with a user table. Now I'm developing a client app that connects to Cosmos DB directly via the Cosmos SDK (iOS).
I'd like to add a security layer to make sure a user can't access other users' records, something like `select * from User c`.
Is there any way to do this?

Thanks!

Upvotes: 2

Views: 2857

Answers (1)

Jay Gong

Reputation: 23782

As we know from this link, Cosmos DB has two types of keys:


For your needs, you need to give up master keys and use resource tokens instead. It could provide access to a specific document.

So my idea is:

When you create every row of data, you need to generate a resource token which maps to this user and store it as an additional column. Then, when a user queries data, he should provide his resource token (as a security layer) to authenticate his permission to filter data. Not everyone uses master keys; it can't control the data isolation. Please refer to the model listed in the above link:


Upvotes: 2
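
The resource-token approach from the answer above, as an added example that is not part of the original post: a server-side broker holds the master key and issues each signed-in user a token limited to their own partition. It assumes the azure-cosmos Python SDK, a container partitioned by the user's id, and hypothetical function and permission names.

```python
# Added example: server-side resource-token broker (not from the original answer).
# Assumptions: azure-cosmos Python SDK objects are passed in; the container is
# partitioned by the user's id; function and permission names are hypothetical.

FORBIDDEN = set("/\\?#")  # characters Cosmos DB rejects in resource ids


def permission_for(user_id, container_link, read_only=True):
    """Permission body limited to one logical partition: the user's own."""
    if not user_id or FORBIDDEN & set(user_id):
        raise ValueError("invalid user id")
    return {
        "id": f"own-partition-{user_id}",
        "permissionMode": "Read" if read_only else "All",
        "resource": container_link,
        # Scope of the token: only items with this partition key value.
        "resourcePartitionKey": [user_id],
    }


def issue_token(database, container, authenticated_user_id, read_only=True):
    """Run on the broker, the only place where the master key is stored.

    database / container: DatabaseProxy / ContainerProxy built with the master key.
    authenticated_user_id: identity established by the broker's own login check,
    never a value copied from the request body.
    """
    # Validate and build the permission before touching the database.
    body = permission_for(authenticated_user_id, container.container_link, read_only)
    user = database.upsert_user({"id": authenticated_user_id})
    permission = user.upsert_permission(body)
    # The client app passes this mapping to its SDK in place of a master key.
    return {container.container_link: permission.properties["_token"]}
```
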
