Role

Learn: Roles

We recommend you use FSL to create and update user-defined roles. See FSL role schema.

Fauna uses secrets for authentication and authorization. Roles determine a secret’s privileges, which control data access.

Role collection

Fauna stores user-defined roles as documents in the Role system collection. These documents are an FQL version of the FSL role schema.

Role documents have the following FQL structure:

{
  name: "customer",
  coll: Role,
  ts: Time("2099-07-31T12:37:05.280Z"),
  privileges: [
    {
      resource: "Product",
      actions: {
        read: true
      }
    },
    {
      resource: "Order",
      actions: {
        read: "(ref) => Query.identity() == ref.customer"
      }
    },
    {
      resource: "Customer",
      actions: {
        read: "(ref) => Query.identity() == ref"
      }
    },
    {
      resource: "getOrCreateCart",
      actions: {
        call: "(id) => Query.identity()?.id == id"
      }
    },
    {
      resource: "checkout",
      actions: {
        call: "(name) => true"
      }
    }
  ],
  membership: [
    {
      resource: "Customer"
    }
  ],
  data: {
    desc: "End user customer role"
  }
}
Field name Value type Description

name

String

(required) Unique name for the role in the database.

Must begin with a letter. Can only include letters, numbers, and underscores. admin, server, and server-readonly are reserved and can’t be used.

membership

Array

(optional) Assigns the role to tokens based on the token’s identity document. See Membership definition.

privileges

Array

(optional) Allows one or more actions on a resource. See Privileges definition.

coll

Collection

The Role collection name.

ts

Time

Timestamp of the most recent document write.

data

Object

(optional) Arbitrary user-defined metadata.

Static methods

You can use the following static methods to manage the Role collection in FQL.

Method Description

Role.all()

Get the Set of all roles.

Role.byName()

Get a role by its name.

Role.create()

Create a role.

Role.firstWhere()

Get the first role matching a predicate function.

Role.toString()

Get the name of the Role collection as a string.

Role.where()

Get roles matching a predicate function.

Instance methods

You can use the following instance methods to manage specific Role documents in FQL.

Method Description

role.delete()

Delete a role.

role.exists()

Tests if a role exists.

role.replace()

Replace a role.

role.update()

Update a role.

Is this article helpful? 

Tell Fauna how the article can be improved:
 Visit Fauna's forums or email docs@fauna.com

Thank you for your feedback!