Fauna DB returns error stating "permission denied" when querying related type, what privileges do I need to grant?

Closed the StackOverflow question because the resolution is essentially fixing a typo. ~This question is also on StackOverflow if you want to get some StackOverflow reputation :slight_smile:: Fauna DB returns error stating “permission denied” when querying related type, what privileges do I need to grant?~

Context

I have a GraphQL schema generated by Fauna that looks like this:

type Identity {
  _id: ID!
  _ts: Long!
  id: ID!
  connection: String!
  user: User!
}

type IdentityPage {
  data: [Identity]!
  after: String
  before: String
}

type User {
  _id: ID!
  _ts: Long!
  name: String!
  identities(
    _size: Int
    _cursor: String
  ): IdentityPage!
}

type Query {
  findIdentityByID(id: ID!): Identity
  findUserByID(id: ID!): User
}

:eyes: There’s a relation between User and Identity

And a role that is defined as follows:

{
  privileges: [
    {
      resource: Collection("identities"),
      actions: {
        read: true,
      },
    },
    {
      resource: Collection("users"),
      actions: {
        read: true,
      },
    },
    {
      resource: Index("unique_Identity_id"),
      actions: {
        read: true,
      },
    },
  ],
  membership: [
    {
      resource: Collection("users"),
    },
  ],
}

Given the above, the following queries work:

Getting the user given the ID of the user document.

# Headers
# Authorization: Bearer <token from external identity provider>

query {
  findUserByID(id: "<id of user document representing authenticated user>") {
    _id
    _ts
    name
  }
}

Getting the identity document AND the user document given the ID of the identity document.

# Headers
# Authorization: Bearer <token from external identity provider>

query {
  findIdentityByID(id: "<id of identity document representing authenticated user's identity>") {
    _id
    _ts
    id
    connection
    user {
      _id
      _ts
      name
    }
  }
}

Problem

The problem is I’m unable to get the identity document given the ID of a user document. The following query yields an error from Fauna saying “permission denied”:

# Headers
# Authorization: Bearer <token from external identity provider>

query {
  findUserByID(id: "<id of user document representing authenticated user>") {
    _id
    _ts
    name
    identities {
      data {
        _id
        _ts
        id
        connection
      }
    }
  }
}

I’m unsure what privilege(s) I need to grant given read privileges have already been granted for related collections and indexes.

1 Like

There’s going to be an auto-generated index in your database that Fauna uses to look up the user by identity. It’s going to be called something like identity_user_by_user (it might also be the opposite like user_identity_by_identity).

So you should add the index to your roles like this:

{
  resource: Index('identity_user_by_user'),
  actions: {
    read: true
  }
}
2 Likes
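
An added example, not code from the thread or from Fauna: a small audit that finds indexes whose source collection a role can read but which the role itself cannot read, the gap described in the answer above. The string form of the resources, the index listing and the function names are assumptions made for illustration.

```javascript
// Added example: audit a role for relation indexes it cannot read.
// Resources are plain strings here ("collection:users", "index:..."), an
// assumption for this sketch; real role documents hold Fauna references.

// Role from the question, rewritten in that plain form.
const role = {
  privileges: [
    { resource: "collection:identities", actions: { read: true } },
    { resource: "collection:users", actions: { read: true } },
    { resource: "index:unique_Identity_id", actions: { read: true } },
  ],
};

// Constructed index listing; the relation index name follows the answer's guess.
const indexes = [
  { name: "unique_Identity_id", source: "identities" },
  { name: "identity_user_by_user", source: "identities" },
];

// Names of resources of the given kind that the role may read.
// Any truthy read value (true or a predicate) counts as granted.
function readable(role, kind) {
  const prefix = kind + ":";
  return new Set(
    role.privileges
      .filter((p) => p.resource.startsWith(prefix) && p.actions && p.actions.read)
      .map((p) => p.resource.slice(prefix.length))
  );
}

// Indexes whose source collection the role can read but which the role
// cannot read itself; these are the candidates for "permission denied".
function missingIndexPrivileges(role, indexes) {
  const collections = readable(role, "collection");
  const granted = readable(role, "index");
  return indexes
    .filter((ix) => collections.has(ix.source) && !granted.has(ix.name))
    .map((ix) => ix.name);
}

// The privilege entry to add for each gap, read-only to keep the role minimal.
function suggestedPrivileges(role, indexes) {
  return missingIndexPrivileges(role, indexes).map((name) => ({
    resource: "index:" + name,
    actions: { read: true },
  }));
}

console.log(missingIndexPrivileges(role, indexes));
```

Granting read on only the reported indexes keeps the role as narrow as it was before the relation was added.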

Oh, good spot. When I first set up the relation, I checked for the existence of that index but was blind and didn’t see it so forgot to add it to the role :woman_facepalming:t2:
