Delegates
A document may delegate access on its behalf to other documents by
adding the other documents' References to its delegates
list. Any
tokens belonging to a member of delegates
are granted access as though
they were tokens belonging to the delegating document.
Example
For example, if a user (with document ID 1
) has read access to the
"spells" collection, but another user (with document ID 2
) does not,
the first user may grant access via delegation to the second user with
the following query:
map[data:map[email:alice@site.example.com name:Alice Crypto] delegates:[{2 0xc000109d40 0xc000109d40 <nil>}] ref:{1 0xc000109b60 0xc000109b60 <nil>} ts:1621374015010000]
{
ref: Ref(Collection("users"), "1"),
ts: 1621374020750000,
data: { name: 'Alice Crypto', email: 'alice@site.example.com' },
delegates: [ Ref(Collection("users"), "2") ]
}
{'ref': Ref(id=1, collection=Ref(id=users, collection=Ref(id=collections))), 'ts': 1621374021070000, 'data': {'name': 'Alice Crypto', 'email': 'alice@site.example.com'}, 'delegates': [Ref(id=2, collection=Ref(id=users, collection=Ref(id=collections)))]}
{
ref: Ref(Collection("users"), "1"),
ts: 1624310593770000,
data: { name: 'Alice Crypto', email: 'alice@site.example.com' },
delegates: [ Ref(Collection("users"), "2") ]
}
Now, when the second user attempts to read from the "spells" collection, they are granted the same level of access as the first user.
Delegates are not transitive — in the example above, the second user may not delegate the first user’s permissions to another user.
Is this article helpful?
Tell Fauna how the article can be improved:
Visit Fauna's forums
or email docs@fauna.com
Thank you for your feedback!