Function document definition


Field Type Description


Name of the function.

Can’t be documents, events, self, sets, or a single underscore _, and can’t include a space character.


Document collection name.


Most recent document update timestamp.


FQL expression.


(Optional) Role to use when the function is called. Only included if role is provided when the UDF is created.

Can be a built-in role, admin, server, or server-readonly, or a user-defined role that grants write privilege for Functions.

Functions and roles

When creating a UDF, it is important to consider interactions between the potential roles of the caller and that of the function role. A UDF cannot invoke an action that exceeds the assigned role privileges. For example, a UDF designed for a write operation fails on execution if it has an assigned role limited to read privileges.

An authenticated caller who is a member of a user-defined Role with limited privileges can execute any function with a role that grants the call action privilege. The call action permits the function to execute even if it results in actions that exceed the limited privileges of the caller.

Assigning a role with the call action privilege is useful in many scenarios. For example, a complete_order function can be created with a role, such as admin. Such a function can complete a financial transaction and access database resources the caller cannot access.

Be careful when assigning roles with create and call privileges to functions. An unprivileged user might create a function with the admin role and call it to create a key that has the admin role. This situation also exists for the server role because it has implicit access to the create and call privileges.


Access the Function definition object:

  name: "Double",
  coll: Function,
  ts: "2023-04-22T13:19:08.080x",
  body: "(x) => x + x",
  role: "admin"

Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email

Thank you for your feedback!