How can i restrict user creation?


#1

Hi, I started to explore Realm cloud and i cannot find how to restrict user creation. Basically for an outsider to access my object server all is needed is the server https:// url, and from there users can be created at will. I need an “admin only way” of managing users. How can i do that ? Thanks.


#2

There is no official realm function for that.


#3

to me this seems like a big security issue or I am looking at things from a wrong perspective, on selfhosted version is there a way to restrict user creation and allow only admins to create users?


#4

why is it a security issue? Just dont give everyone read/write access.


#5

indeed i saw that rw access can be restricted but still it does not seem right that an anonymous user can connect to my server and create an account. it does not sound right, my company is prospecting using realm and i do not how i can tell them well realm is nice it does this that very well but you know anyone can connect to our server and create users (probably lots of them, potential flood/DDOS problem i see here) but there are permissions that restrict data access. i am still hoping that there is a way to restrict access to server.


#6

Hi iulian…

The default model for allowing anonymous users is to allow developer get quickly familiar with Realm.
We do not recommend this for production deployment.
Rather the recommendation is that you create users and roles and control access permissions.
See the documentation here:
https://docs.realm.io/platform/using-synced-realms/access-control


#7

You can also roll out your own authentication (or rely on 3rd party service, such as auth0) where you verify users’ accounts via sms or something similar.