role

Define a Role schema.

Syntax

role <roleName> {
  [privileges <reference> <privilegeDef> [. . .]]
  [membership <reference> [<predicate>] [. . .]]
}

<privilegeDef> ::= <action> [{ predicate (<predicate>) }]

<action> ::=
    call
    create
    delete
    history_read (not currently implemented)
    history_write (not currently implemented)
    read
    unrestricted_read (not currently implemented)
    write

Name

roleName String Required

Unique role name. The name can’t be events, sets, or self and can’t include the percent (%) character.

Properties

Parameter Type Required Description

privileges Object

Privilege definitions. The privilegeDef can be a categorical membership, such as { read; create }, or a predicate. The predicate syntax depends on the action. If the predicate is omitted, the privilege for the action is granted.

The predicate must be in long-form syntax. See Anonymous functions.

See Privilege definition for more information about actions.

membership String

Membership definitions, which can be defined as a categorical reference, <reference>, or as a predicate that evaluates resource membership for the role, <reference> <predicate>.

The predicate must be in long-form syntax. See Anonymous functions.

Examples

role MyRole {
  privileges MyCol { read; create }
  privileges YourCol {
    read
    create
    write {
      predicate ((x, y) => {
        foo(x) - bar(y) == 2
      })
    }
  }
  membership HisCol
}
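Because an action with no predicate is granted outright, it helps to list those grants when reviewing a role. The following is an added example, not Fauna tooling or code from this page: a small Python check that reports unguarded actions, not-yet-implemented actions, disallowed role names, and unbalanced braces. The function name audit_role and the sample text are assumptions made for illustration.

```python
import re

# Action names and reserved role names come from the syntax on this page.
ACTIONS = {"call", "create", "delete", "history_read", "history_write",
           "read", "unrestricted_read", "write"}
NOT_IMPLEMENTED = {"history_read", "history_write", "unrestricted_read"}
RESERVED_NAMES = {"events", "sets", "self"}
TOKEN = re.compile(r"[A-Za-z_%][\w%]*|[{}]")  # identifiers and braces only

def audit_role(fsl):
    """Hypothetical helper: list review findings for one role definition."""
    findings = []
    toks = TOKEN.findall(fsl)  # assumes no braces in strings or comments
    if toks.count("{") != toks.count("}"):
        findings.append("unbalanced braces")
    if len(toks) < 3 or toks[0] != "role" or toks[2] != "{":
        return findings + ["not a role definition"]
    if toks[1] in RESERVED_NAMES or "%" in toks[1]:
        findings.append(f"invalid role name: {toks[1]}")
    depth, target, i = 1, None, 3  # target: collection of the open privileges block
    while i < len(toks):
        t = toks[i]
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if t == "{":
            depth += 1
        elif t == "}":
            depth -= 1
            if depth <= 1:
                target = None
        elif depth == 1 and t == "privileges":
            target = nxt  # the "{" after the reference raises depth to 2
            i += 1  # skip the reference itself
        elif depth == 2 and target and t in ACTIONS:
            if t in NOT_IMPLEMENTED:
                findings.append(f"{target}: {t} is not currently implemented")
            elif nxt != "{":
                findings.append(f"{target}: {t} granted without a predicate")
        i += 1
    return findings

# Constructed sample modeled on the page's example.
SAMPLE = """role MyRole {
  privileges MyCol { read; create }
  privileges YourCol {
    read
    write { predicate ((x, y) => { foo(x) - bar(y) == 2 }) }
  }
  membership HisCol
}"""
print("\n".join(audit_role(SAMPLE)))
```

Each "granted without a predicate" line is a prompt for review, not necessarily a defect: some collections are meant to be readable by every member of the role.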
