Database Manual / Security

Implement Field Level Redaction实施字段级补救措施

The $redact pipeline operator restricts the contents of the documents based on information stored in the documents themselves.$redact管道运算符根据文档本身存储的信息限制文档的内容。

Diagram of security architecture with middleware and redaction.

To store the access criteria data, add a field to the documents and embedded documents. To allow for multiple combinations of access levels for the same data, consider setting the access field to an array of arrays. Each array element contains a required set that allows a user with that set to access the data.要存储访问条件数据,请向文档和嵌入文档添加字段。为了允许对同一数据进行多种访问级别组合,请考虑将访问字段设置为数组数组。每个数组元素都包含一个必需的集合,允许具有该集合的用户访问数据。

Then, include the $redact stage in the db.collection.aggregate() operation to restrict contents of the result set based on the access required to view the data.然后,在db.collection.aggregate()操作中包含$redact阶段,以根据查看数据所需的访问权限限制结果集的内容。

For more information on the $redact pipeline operator, including its syntax and associated system variables as well as additional examples, see $redact.有关$redact管道运算符的更多信息,包括其语法和相关系统变量以及其他示例,请参阅$redact

Procedure过程

For example, a forecasts collection contains documents of the following form where the tags field determines the access levels required to view the data:例如,forecasts集合包含以下形式的文档,其中tags字段确定查看数据所需的访问级别:

{
   _id: 1,
   title: "123 Department Report",
   tags: [ [ "G" ], [ "FDW" ] ],
   year: 2014,
   subsections: [
       {
           subtitle: "Section 1: Overview",
           tags: [ [ "SI", "G" ], [ "FDW" ] ],
           content:  "Section 1: This is the content of section 1."
       },
       {
           subtitle: "Section 2: Analysis",
           tags: [ [ "STLW" ] ],
           content: "Section 2: This is the content of section 2."
       },
       {
           subtitle: "Section 3: Budgeting",
           tags: [ [ "TK" ], [ "FDW", "TGE" ] ],
           content: {
               text: "Section 3: This is the content of section3.",
               tags: [ [ "HCS"], [ "FDW", "TGE", "BX" ] ]
           }
       }
   ]
}

For each document, the tags field contains various access groupings necessary to view the data. 对于每个文档,tags字段包含查看数据所需的各种访问分组。For example, the value [ [ "G" ], [ "FDW", "TGE" ] ] can specify that a user requires either access level ["G"] or both [ "FDW", "TGE" ] to view the data.例如,值[ [ "G" ], [ "FDW", "TGE" ] ]可以指定用户需要访问级别["G"]或两者都需要[ "FDW", "TGE" ]才能查看数据。

Consider a user who only has access to view information tagged with either "FDW" or "TGE". 考虑一个只能查看标记为"FDW""TGE"的信息的用户。To run a query on all documents with year 2014 for this user, include a $redact stage as in the following:要对该用户2014年的所有文档运行查询,请包含一个$redact阶段,如下所示:

var userAccess = [ "FDW", "TGE" ];
db.forecasts.aggregate(
   [
     { $match: { year: 2014 } },
     { $redact:
         {
           $cond: {
                    if: { $anyElementTrue:
                           {
                             $map: {
                                     input: "$tags" ,
                                     as: "fieldTag",
                                     in: { $setIsSubset: [ "$$fieldTag", userAccess ] }
                                   }
                           }
                        },
                     then: "$$DESCEND",
                     else: "$$PRUNE"
                  }
         }
     }
   ]
)

The aggregation operation returns the following "redacted" document for the user:聚合操作为用户返回以下“已编辑”文档:

{ "_id" : 1,
  "title" : "123 Department Report",
  "tags" : [ [ "G" ], [ "FDW" ] ],
  "year" : 2014,
  "subsections" :
     [
        {
          "subtitle" : "Section 1: Overview",
          "tags" : [ [ "SI", "G" ], [ "FDW" ] ],
          "content" : "Section 1: This is the content of section 1."
        },
       {
         "subtitle" : "Section 3: Budgeting",
         "tags" : [ [ "TK" ], [ "FDW", "TGE" ] ]
       }
     ]
}

Tip