Permissions
FaunaDB has a built-in permissions system that allows for fine-grained control over access to data.
Access is controlled by a resource’s permissions object. The identity of a request’s key is checked against the value of the permission field corresponding to the resource and action being taken.
Permission fields may be set to one of the following values:
| Value | Access Allowed |
|---|---|
empty |
Only server keys are allowed. |
"public" |
Any key is allowed. |
document ref |
Only tokens belonging to the specified document are allowed. |
collection ref |
Only tokens belonging to documents in the specified collection are allowed. |
|
Beginning with FaunaDB 2.11.0, the FaunaDB access control logic has been changed to use attribute-based access control (ABAC) roles, or the key-based permission system, but never both. If a resource is a member of an ABAC role, the ABAC role specifies all privileges for that resource. Otherwise, the key-based permission system determines whether read/write/execute privileges are enabled. For example, when an ABAC role includes a user-defined function as a
member, that function cannot be called unless the ABAC privileges permit
the |
Collection permissions
Creating, reading, and modifying a document in a collection is controlled by the collection’s permissions. Applicable fields on a collection are:
| Permission Field | Action Allowed |
|---|---|
|
Creating a document in the collection. |
|
Reading documents in the collection. |
|
Writing to document in the collection. |
A document also has permissions, which are applied in addition to permissions defined on its collection. The permissions on a document may contain these fields:
| Permission Field | Action Allowed |
|---|---|
|
Reading this document. |
|
Writing to this document. |
User-defined function permissions
Calling a function is controlled by its permissions. Applicable fields are:
| Permission Field | Action Allowed |
|---|---|
|
Calling the function. |
Index permissions
Query access to an index is controlled by its permissions. Applicable fields are:
| Permission Field | Action Allowed |
|---|---|
|
Querying the index. |
Was this article helpful?
We're sorry to hear that.
Tell us how we can improve!
documentation@fauna.com
Thank you for your feedback!