Search code examples
iosrealmrealm-mobile-platform

Realm Mobile Platform: public, private and shared databases?

This question comes from the perspective of someone who's familiar with CloudKit and is moving to the Realm Mobile Platform.

With CloudKit we have the concept of private, public and shared databases. The private belongs to the user, the public can be seen by every user and the shared database is like a view into a user's private database used to share data between a limited number of users (friends).

Let's say I want to allow two users to collaborate on a project, user A will create the project and invite user B to collaborate, which mechanism would I use with realm to allow this, without completely opening up user A's private realm to user B (only the records specific to the project user A wants to share)?

Solution

  • Right now Realm permissions are granular to the database (Realm) level. There's no way to grant specific permissions that only apply to a subset of the data in a given Realm.

    A high priority item on our roadmap are features to support working with partial copies of synced Realms. In the meantime, we'd recommend creating multiple private Realms for a given user to represent each subset of permissions. For example, you may have a truly private Realm for a given user, and one or more Realms for that user that represent data which can be shared with other users. In your specific case, you might want to create a Realm per project, rather than a Realm for all projects owned by a user.

    As for actually granting permissions, you may create a RLMSyncPermissionValue object and pass it into the appropriate API on RLMSyncUser (e.g. -[RLMSyncUser applyPermission:callback:] or -[RLMSyncUser revokePermission:callback:]) to grant or revoke a permission. This requires knowing the identity of the user, which is generated by the Realm Object Server when the user is created.

    You may also create a RLMSyncPermissionOffer object to represent an invitation by your user to another user to access their Realm (i.e. project). Such an object generates a string which can be passed to another user through a different channel (e.g. e-mail) and used to create a RLMSyncPermissionOfferResponse object to accept that offer.

    Finally, in addition to the partial replication support I mentioned earlier we also have a few other items in the pipeline to make collaborative use of synced Realms easier; we hope to have more to share very soon.