Implement Field Level Redaction
The $redact pipeline operator restricts the contents of the documents based on information stored in the documents themselves.
To store the access criteria data, add a field to the documents and embedded documents. To allow for multiple combinations of access levels for the same data, consider setting the access field to an array of arrays. Each array element contains a required set that allows a user with that set to access the data.
For example, a forecasts collection contains documents of the following form where the tags field determines the access levels required to view the data:
For each document, the tags field contains various access groupings necessary to view the data. For example, the value [ [ "G" ], [ "FDW", "TGE" ] ] can specify that a user requires either access level ["G"] or both [ "FDW", "TGE" ] to view the data.
Consider a user who only has access to view information tagged with either "TGE". To run a query on all documents with year 2014 for this user, include a $redact stage as in the following:
The aggregation operation returns the following “redacted” document for the user:
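The tags rule described above, as an added example that is not MongoDB's own code: it builds a $redact stage for a given set of access levels and emulates its descend/prune behaviour locally on a constructed document. The function names, the sample document and its field names are assumptions.

```javascript
// Added example, not MongoDB's own code. redactStage, allowed, isDoc,
// redactLocal and sample are assumed names.

// $redact stage: keep a level if any required set in its tags array is a
// subset of userAccess (take userAccess from the authenticated session).
function redactStage(userAccess) {
  return { $redact: { $cond: {
    if: { $anyElementTrue: { $map: {
      input: "$tags", as: "set",
      in: { $setIsSubset: ["$$set", userAccess] } } } },
    then: "$$DESCEND",
    else: "$$PRUNE" } } };
}

// The same rule in plain JavaScript. A level without a tags array is pruned
// here (fail closed); that is a choice of this sketch.
function allowed(tags, userAccess) {
  return Array.isArray(tags) &&
    tags.some(set => set.every(level => userAccess.includes(level)));
}

const isDoc = v => v !== null && typeof v === "object" && !Array.isArray(v);

// Emulates $$DESCEND / $$PRUNE over embedded documents and arrays of them.
function redactLocal(doc, userAccess) {
  if (!allowed(doc.tags, userAccess)) return undefined; // $$PRUNE
  const out = {};
  for (const [key, value] of Object.entries(doc)) {
    if (isDoc(value)) {
      const kept = redactLocal(value, userAccess);
      if (kept !== undefined) out[key] = kept;
    } else if (Array.isArray(value)) {
      out[key] = value
        .map(v => (isDoc(v) ? redactLocal(v, userAccess) : v))
        .filter(v => v !== undefined);
    } else {
      out[key] = value;
    }
  }
  return out;
}

// Constructed sample document (not the page's data).
const sample = {
  _id: 1, year: 2014, tags: [["G"], ["FDW", "TGE"]],
  summary: { tags: [["TGE"]], text: "regional outlook" },
  detail: { tags: [["FDW", "TGE"]], text: "station data",
            notes: [{ tags: [["STLW"]], text: "internal" }] },
};
// mongosh: db.forecasts.aggregate([{ $match: { year: 2014 } }, redactStage(access)])
```

With this sample, an access list of ["TGE"] alone prunes the whole document, because the top level requires "G" or both "FDW" and "TGE"; every embedded level is checked against its own tags field in the same way.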