DOCSP-35902 Security considerations for roles and query filtering (#663)

* DOCSP-35902 Security considerations for RBAC * add genre and meta * update TOC title * change page title back * add note about audit * correct genre value * fix spacing * spacing
mongodb · Feb 2, 2024 · 154e329 · 154e329
1 parent 23e09c7
commit 154e329
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 0 deletions.
diff --git a/source/rules/filters.txt b/source/rules/filters.txt
@@ -5,6 +5,13 @@
 Filter Incoming Queries
 =======================
 
+.. meta::
+  :description: Learn how to filter a query to return only a subset of matching results. 
+
+.. facet::
+  :name: genre 
+  :values: tutorial
+
 .. default-domain:: mongodb
 
 .. contents:: On this page
@@ -307,3 +314,21 @@ from the App Services UI or by deploying configuration files with Realm CLI:
             .. code-block:: bash
 
                {+cli-bin+} push --remote="<Your App ID>"
+
+.. note:: Security Consideration for App Services Filters
+
+  While :ref:`Role-based Permissions <roles>` and Filters can hide specific 
+  documents and fields within a collection there is a potential that 
+  data can be exposed if the system allows arbitrary 
+  queries to access the collection. 
+
+  For example, queries or functions that 
+  raise errors depending on the values stored in a collection (such 
+  as division-by-zero errors) may reveal information about documents, even if 
+  a role or filter prevents the querying user from viewing 
+  documents directly. Users may also make inferences about the underlying data 
+  in other ways (such as by measuring query execution time, which can be affected 
+  by the data's distribution). 
+
+  Be aware that this is possible and audit your 
+  data access patterns where neccessary.
diff --git a/source/rules/roles.txt b/source/rules/roles.txt
@@ -11,6 +11,13 @@ Role-based Permissions
 
 .. default-domain:: mongodb
 
+.. meta::
+  :description: Learn how to define data access permissions using Role-based Permissions in App Services. 
+
+.. facet::
+  :name: genre 
+  :values: reference
+
 .. contents:: On this page
    :local:
    :backlinks: none
@@ -511,3 +518,21 @@ deploying configuration files with {+cli+}:
          .. code-block:: bash
 
             {+cli-bin+} push
+
+.. note:: Security Consideration for App Services Role-based Permissions
+
+  While Role-based Permissions and :ref:`Filters <filters>` can hide specific 
+  documents and fields within a collection there is a potential that 
+  data can be exposed if the system allows arbitrary 
+  queries to access the collection. 
+
+  For example, queries or functions that 
+  raise errors depending on the values stored in a collection (such 
+  as division-by-zero errors) may reveal information about documents, even if 
+  a role or filter prevents the querying user from viewing 
+  documents directly. Users may also make inferences about the underlying data 
+  in other ways (such as by measuring query execution time, which can be affected 
+  by the data's distribution). 
+
+  Be aware that this is possible and audit your 
+  data access patterns where neccessary.