Delegates
A document may delegate access on its behalf to other documents by
adding the other documents' References to its delegates
list. Any
tokens belonging to a member of delegates
are granted access as though
they were tokens belonging to the delegating document.
Example
For example, if a user (with document ID 1
) has read access to the
"spells" collection, but another user (with document ID 2
) does not,
the first user may grant access via delegation to the second user with
the following query:
ObjectV(ref: RefV(id = "1", collection = RefV(id = "users", collection = RefV(id = "collections"))),ts: LongV(1621374013780000),data: ObjectV(name: StringV(Alice Crypto),email: StringV(alice@site.example.com)),delegates: Arr(RefV(id = "2", collection = RefV(id = "users", collection = RefV(id = "collections")))))
map[data:map[email:alice@site.example.com name:Alice Crypto] delegates:[{2 0xc000109d40 0xc000109d40 <nil>}] ref:{1 0xc000109b60 0xc000109b60 <nil>} ts:1621374015010000]
{ref: ref(id = "1", collection = ref(id = "users", collection = ref(id = "collections"))), ts: 1621374020240000, data: {name: "Alice Crypto", email: "alice@site.example.com"}, delegates: [ref(id = "2", collection = ref(id = "users", collection = ref(id = "collections")))]}
{
ref: Ref(Collection("users"), "1"),
ts: 1621374020750000,
data: { name: 'Alice Crypto', email: 'alice@site.example.com' },
delegates: [ Ref(Collection("users"), "2") ]
}
{'ref': Ref(id=1, collection=Ref(id=users, collection=Ref(id=collections))), 'ts': 1621374021070000, 'data': {'name': 'Alice Crypto', 'email': 'alice@site.example.com'}, 'delegates': [Ref(id=2, collection=Ref(id=users, collection=Ref(id=collections)))]}
{
ref: Ref(Collection("users"), "1"),
ts: 1624310593770000,
data: { name: 'Alice Crypto', email: 'alice@site.example.com' },
delegates: [ Ref(Collection("users"), "2") ]
}
Now, when the second user attempts to read from the "spells" collection, they are granted the same level of access as the first user.
Delegates are not transitive — in the example above, the second user may not delegate the first user’s permissions to another user.
Was this article helpful?
We're sorry to hear that.
Tell us how we can improve!
Visit Fauna's forums
or email docs@fauna.com
Thank you for your feedback!