Create a key for a built-in role

The procedures in this tutorial extend the examples created in Access control.

You can also create database access keys that run with one of the built-in Fauna roles:

  • admin

  • server

  • server-readonly

This tutorial creates a key for the server role. A key with the server role has the same privileges as a key with the admin role, except that it can’t directly manage user-defined roles, child databases, keys, tokens, and their associated documents.

Verify your setup

This procedure verifies the setup you did previously by showing you how to query keys from the Shell command line.

  1. Choose Resources to display the Shell.

  2. Select Admin from the run menu.

  3. Query for all keys in your CoffeeStore database:

    Key.all()

    The result should include the coffee-admin key document. The secret appears only in the response to Key.create(); it is never displayed in the document data afterward. If you don’t have the coffee-admin key, create one as shown in the prerequisite example for this section.

Create a key with server role

Use the coffee-admin key from the Shell to create another key. This time, apply the server role.

  1. Choose Secret from the run menu.

  2. Enter the coffee-admin secret in the field provided.

  3. Create a new key named coffee-server that has the built-in server role:

    Key.create({
      role: "server",
      data: {
        name: "coffee-server"
      }
    })
    {
      id: "370149530561151010",
      coll: Key,
      ts: Time("2023-07-13T15:09:10.540Z"),
      data: {
        name: "coffee-server"
      },
      role: "server",
      secret: "fnAFIwkJcuAAIdafadfglWm-fNHMSPKWVvk6orZc3U"
    }

    Note that the returned secret differs from the coffee-admin secret.

  4. Store the secret in a password manager or other safe location.

  5. Choose Secret from the Run as menu.

  6. Enter the coffee-server secret in the Secret field at the bottom of the page.

  7. Run the following query with the coffee-server secret, which has server-level privileges:

    Key.all()
    {
      data: []
    }

    The query succeeds but returns an empty list because a key with the server role doesn’t have the privileges to manage the Key collection.
