Permissions
The content on this page describes the "legacy" permissions system within Fauna. Instead, you should use Attribute-based access control (ABAC), which provides far greater control over the groups of users that should have access and the kinds of access that they should receive.
Fauna has a built-in permissions system that allows for fine-grained control over access to data. Access is controlled by a resource's permissions object. The identity of a request's key is checked against the value of the permission field corresponding to the resource and action being taken.
Permission fields
Permission fields may be set to one of the following values:

Value | Access Allowed
---|---
empty | Only admin or server keys are allowed.
`public` | Any key is allowed.
document ref | Only tokens belonging to the specified document are allowed.
collection ref | Only tokens belonging to documents in the specified collection are allowed.
Beginning with Fauna 2.11.0, the Fauna access control logic has been changed to use attribute-based access control (ABAC) roles, or the key-based permission system, but never both. If a resource is a member of an ABAC role, the ABAC role specifies all privileges for that resource. Otherwise, the key-based permission system determines whether read/write/execute privileges are enabled. For example, when an ABAC role includes a user-defined function as a member, that function cannot be called unless the ABAC privileges permit the
Collection permissions
Creating, reading, and modifying a document in a collection is controlled by the collection’s permissions. Applicable fields on a collection are:
Permission field | Action allowed
---|---
`create` | Permits creating a document in the collection.
`read` | Permits reading documents in the collection.
`write` | Permits writing to documents in the collection.
A document also has permissions, which are applied in addition to permissions defined on its collection. The permissions on a document may contain these fields:
Permission field | Action allowed
---|---
`read` | Permits reading this document.
`write` | Permits writing to this document.
User-defined function permissions
Calling a function is controlled by its permissions. Applicable fields are:
Permission field | Action allowed
---|---
`call` | Permits calling the function.
Index permissions
Query access to an index is controlled by its permissions. Applicable fields are:
Permission field | Action allowed
---|---
`read` | Permits querying the index.
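As an added example (not Fauna's own code or API), the following JavaScript models the two checks this page describes: which fields a permissions object may carry for each resource type, and whether a token's document satisfies a field's value. Refs and identities are constructed plain objects standing in for Fauna `Ref` values; the model covers token identities only, and how a document's permissions combine with its collection's is not modelled.

```javascript
// Permission fields applicable to each resource type (from the tables above).
const FIELDS_BY_RESOURCE = {
  collection: ["create", "read", "write"],
  document: ["read", "write"],
  function: ["call"],
  index: ["read"],
};

// Constructed stand-ins for Fauna Ref values: a collection ref carries only
// `collection`; a document ref also carries `id`.
const collectionRef = (collection) => ({ collection });
const documentRef = (collection, id) => ({ collection, id });
const isRef = (v) => v !== null && typeof v === "object" && typeof v.collection === "string";
const isDocumentRef = (v) => isRef(v) && typeof v.id === "string";

// Lint a permissions object: every field must exist for the resource type and
// every value must be "public", a document ref or a collection ref. An absent
// field is the "empty" case (admin/server keys only) and needs no entry.
function validatePermissions(resourceType, permissions) {
  const fields = FIELDS_BY_RESOURCE[resourceType];
  if (!fields) throw new Error(`unknown resource type: ${resourceType}`);
  const errors = [];
  for (const [field, value] of Object.entries(permissions)) {
    if (!fields.includes(field)) {
      errors.push(`${field}: not a ${resourceType} permission`);
    } else if (value !== "public" && !isRef(value)) {
      errors.push(`${field}: invalid value`);
    }
  }
  return errors;
}

// Would a request authenticated with a token issued for `tokenDoc` pass the
// check on `field`? Empty: tokens are refused (admin/server keys only);
// "public": any key; document ref: exact match; collection ref: membership.
function tokenAllowed(permissions, field, tokenDoc) {
  const value = permissions[field];
  if (value === undefined) return false;
  if (value === "public") return true;
  if (isDocumentRef(value)) {
    return value.collection === tokenDoc.collection && value.id === tokenDoc.id;
  }
  if (isRef(value)) return value.collection === tokenDoc.collection;
  throw new Error(`${field}: invalid permission value`);
}

// Constructed sample: readable by any key, writable only by tokens issued for
// documents in the "staff" collection; `create` is left empty.
const postsPermissions = { read: "public", write: collectionRef("staff") };
```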