Pitfalls

Overly Permissive Public Roles

The dangers of granting excessive permissions to public roles in Monospace.

Granting broad permissions to public roles can inadvertently expose your API to unauthenticated access.

The Pitfall

Monospace enforces its permission system on every request, including unauthenticated ones. A request that carries no credentials is evaluated against the roles marked as public (isPublic: true), so whatever those roles grant is granted to anyone who can reach the instance. If a public role is inadvertently given wildcard (*) access to critical collections or to system settings, anyone with network access to your Monospace instance can read or mutate that data without logging in. Some protections do exist -- unauthenticated users are always denied organization-level entitlements and cannot resolve $CURRENT_USER variables -- but CRUD-level data access is governed entirely by the public role configuration, so a single over-broad grant is enough to expose a collection.

Mitigation

Grant public roles only the specific collections, actions and fields that anonymous clients genuinely need (deny by default; avoid wildcard collection or field grants and avoid create, update and delete on public roles), and keep sensitive collections reachable only through authenticated roles. Review the effective permissions of every public role via the API or Studio before deploying to production, and treat a wildcard grant on a public role as a blocking finding rather than a warning.
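As an added illustration of that review step (example code written for this page, not part of Monospace or its tooling), the script below audits an exported set of role definitions and flags public roles that grant wildcard access, mutation, or access to sensitive collections. The JSON shape (roles with isPublic, and permissions with collection, action and fields), the collection names, and the sample export are all assumptions constructed for the example; adapt the field names to whatever your instance actually exports.

```python
"""Audit exported role/permission definitions for over-permissive public roles.

The JSON shape used here (roles carrying "isPublic", permissions carrying
"collection", "action" and "fields") is an ASSUMED export format for
illustration only. Check the shape your Monospace instance really produces
and adapt the keys before using this against real data.
"""
import json

# Constructed sample export (not real data). It contains one public role that
# was granted wildcard access, one correctly scoped public role, and one
# authenticated role whose broad grants are fine because they never apply to
# anonymous requests.
SAMPLE_EXPORT = json.dumps({
    "roles": [
        {
            "name": "Public",
            "isPublic": True,
            "permissions": [
                {"collection": "*", "action": "read", "fields": ["*"]},
                {"collection": "users", "action": "update", "fields": ["*"]},
            ],
        },
        {
            "name": "Public (hardened)",
            "isPublic": True,
            "permissions": [
                {"collection": "articles", "action": "read",
                 "fields": ["id", "title", "body"]},
            ],
        },
        {
            "name": "Editor",
            "isPublic": False,
            "permissions": [
                {"collection": "*", "action": "*", "fields": ["*"]},
            ],
        },
    ]
})

# Collections that must never be reachable without authentication. These are
# assumed names for the example; populate the set from your own data model.
SENSITIVE_COLLECTIONS = {"users", "settings", "roles", "permissions", "sessions"}
MUTATING_ACTIONS = {"create", "update", "delete", "*"}


def audit_public_roles(export_json, sensitive=SENSITIVE_COLLECTIONS):
    """Return a list of findings as (role, collection, action, reason) tuples.

    Only roles with isPublic set are inspected: authenticated roles may hold
    broad grants; the pitfall is a broad grant that applies to anonymous
    requests. Checks are ordered from most to least severe so each permission
    yields a single, most relevant finding.
    """
    findings = []
    for role in json.loads(export_json)["roles"]:
        if not role.get("isPublic"):
            continue
        for perm in role.get("permissions", []):
            coll, action = perm.get("collection"), perm.get("action")
            fields = perm.get("fields", [])
            if coll == "*":
                reason = "wildcard collection grant on a public role"
            elif coll in sensitive:
                reason = "public access to a sensitive collection"
            elif action in MUTATING_ACTIONS:
                reason = "public role may mutate data"
            elif "*" in fields:
                reason = "wildcard field grant on a public role"
            else:
                continue
            findings.append((role["name"], coll, action, reason))
    return findings


def is_safe_for_production(export_json):
    """Deploy gate: True only when the audit raises no finding at all."""
    return not audit_public_roles(export_json)


if __name__ == "__main__":
    for finding in audit_public_roles(SAMPLE_EXPORT):
        print("FINDING role=%r collection=%r action=%r: %s" % finding)
    print("safe for production:", is_safe_for_production(SAMPLE_EXPORT))
```

Run against the constructed export, the audit reports two findings, both on the first public role (the wildcard collection grant and the update grant on users), and the deploy gate returns False; the hardened public role and the authenticated Editor role produce nothing. Wiring is_safe_for_production into a CI step that fetches the current role export is the cheapest way to make the review in the mitigation above happen on every deploy rather than only when someone remembers.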

Copyright © 2026