MongoDB api for CosmosDB restrict access

Question

I am coding an application using a database. For my needs I need to use MongoDB for CosmosDB.

I am beginner into this world of database and Web applications. I need to affect permissions to the Users, so that they are limited to some collections or some Databases.

At first I thought I would need a Broker, but it is much more thought for the Authentification. After reading a lot I have the impression that I need to discuss with CosmosDB MongoDB API with Rest Request.

Does someone can help me, to go into the right direction? I didn't post a code because I have tested so many things but I am not happy with.

Answer 1

I assume that you wanna an app which can obtain data from cosmosdb, but you also want to make some of the users of your app can't access some of the data.

So first, I think it's also important to know that cosmosdb mongo api just like that it adds some great features to mongodb, such as global distribution, elastically scale etc.

Then we should know that if we wanna achieve your goal, the first thing is making your app who's using it so it can know whether he can access the databases/collections. Here, cosmosdb provides options of using primary key, integrate azure ad to assign custom roles and using resource token.

Let's come to a simple scenario(you wanna some of the users can't visit all databases), can make your app integrate azure ad to achieve authentication, you can create a security group which added all those users who can access your database, and you stored database primary key and endpoint url in azure key vault. You could add that group in azure key vault access policy so that these users could obtain key and endpoint to instantiate a 'DocumentClient', and they can access database now while others can't.

CosmosClient client = new CosmosClient(endpointUrl, authorizationKey);

Here's the doc telling how to use resource tokens.

I've posted all I know so far, but pls feel free to let me know your further problems if exists.