The Key collection is a native
collection of key documents. Documents in this collection have an immutable,
Fauna-defined structure. Keys are tied to a database and allow access to its
contents. Database owners or administrators typically use keys to manage
database structure and contents with few restrictions. Keys are frequently used
for background tasks that automate routine database procedures.
The Key.create() method can specify an optional
database field. If no
database is supplied,
Key.create() grants access to the current database.
Unlike Token documents, a
Key document has no associated credential, so
there is no identity. The lack of a credential means that keys grant
anonymous-based access to a database. Any person or process with a Fauna key
secret can access the database associated with the key.
The access permissions that a key grants depend on the
role field supplied by
Key.create(). A key can attach to user-defined roles for attribute-based
access control (ABAC) or to the Fauna built-in roles. A user-defined
role document has a
privileges array specifying one or more resources and the
actions permitted on that resource. The built-in roles have the following
Used to manage the associated database, including the database access providers, child databases, documents, functions, indexes, keys, tokens, and user-defined roles. Protect key secrets with administrative privileges in the same way as a root password.
When a user-defined function (UDF) has the
Equivalent to the
Provides read-only access to all data in the database that they’re assigned to. Because they grant unrestricted read access, they should be well protected and only used in trusted or server-side environments.
Deprecated. Do not use.
Reading or writing key documents requires the
admin key or equivalent
permissions from a user-defined role.
See the Key document definition.
When Key.create() is called, Fauna returns a key document that includes a
secret field. This is a password-equivalent field. The caller must copy the
secret from the result and store it. Fauna cannot recover a
secret that is discarded or lost.
Follow these guidelines:
Never embed admin key secrets into applications.
Share admin key secrets only with individuals that need unrestricted database access.
Consider creating a user-defined administrative role and applying membership to user documents instead of using
Ensure that keys that attach to user-defined roles have the minimum level of access needed to do the required actions.
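
The least-privilege guideline above, as an added FQL example that is not from the original page: a user-defined role with a single read privilege, and a key attached to that role instead of to the admin role. The collection name Order, the role name order_report_reader and the data.name value are assumptions made for illustration.

```fql
// Added example; "Order", "order_report_reader" and the key name are
// hypothetical and not taken from the Fauna documentation page.

// Weak: a key on the built-in admin role can manage the whole database,
// so its secret must be protected like a root password.
// Key.create({ role: "admin" })

// Query 1: define a user-defined role whose privileges array names one
// resource and only the action the background task needs.
Role.create({
  name: "order_report_reader",
  privileges: [
    {
      resource: "Order",
      actions: { read: true }
    }
  ]
})

// Query 2 (run once the role exists): attach a key to that role.
// No database field is given, so the key applies to the current database.
// The returned document includes the secret field; store it right away,
// because Fauna cannot recover it later.
Key.create({
  role: "order_report_reader",
  data: { name: "nightly order report job" }
})
```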