Can someone help identify why I am having issues executing this UDF from a Client Role when it executes as it should under an Admin Role and the following are true:
- The Client Role is able to execute the nested UDFs contained / called within the UDF below.
- I intend to give the Client no access to the database’s collections.
UDF:
```
@role(admin)
function findLocationHash(userCountry, userState, userPostcode) {
  let countryCalendar = if (userCountry == null) {
    null
  } else {
    FindCountryCalendar(userCountry)
  }
  let countryHash = if (countryCalendar == null) {
    null
  } else {
    countryCalendar?.countryHash
  }
  let stateCalendar = if (countryHash == null || userState == null) {
    null
  } else {
    FindStateCalendar(userState, countryCalendar?.countryChildren)
  }
  let stateHash = if (stateCalendar == null) {
    null
  } else {
    stateCalendar?.stateHash
  }
  let parentsChildren = if (stateHash == null) {
    countryCalendar?.countryChildren
  } else {
    stateCalendar?.stateChildren
  }
  let regionCalendar = if (countryHash == null || userPostcode == null) {
    null
  } else {
    FindRegionCalendar(userPostcode, parentsChildren)
  }
  let regionHash = if (regionCalendar == null) {
    null
  } else {
    regionCalendar?.regionHash
  }
  {
    "regionHash": regionHash,
    "stateHash": stateHash,
    "countryHash": countryHash
  }
}
```
The error received:
```
Insufficient privileges to perform the action.
error: Insufficient privileges to perform the action.
at *query*:1:17
  |
1 | findLocationHash("Australia","Western Australia","6100")
  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  |
```
Hi @Darryl_Naidu,
If you haven’t already, make sure that the Client role contains the call privilege for findLocationHash(). It should look something like this:
```
role Client {
  ...
  privileges findLocationHash {
    call
  }
}
```
There’s more information in our FSL role schema reference docs: FSL role schema - Fauna Docs
I’ll work to raise the visibility of this within the function docs.
Hi @James_Rodewig,
Thanks for suggesting a look at the schema. I think it has revealed an issue with the ‘Manage Client’ view on the dashboard.
When writing the above query, the Client Role had CALL privilege for each of the UDFs shown:
When I encountered the issue initially, I immediately came here to check the privileges of the blocked UDFs. The functions didn’t show up in the list of privileges, though when I went to add and save them, they were shown as having CALL privilege assigned and I could save. I didn’t check to confirm they were then in the list of Privileges in the Manage Client view, though I had checked several times in the Add Privilege search shown below. One oddity is that when clicking Save, the button would show that it is working and then stop, though the window will not close. Having reattempted the process recently, it worked as it should, which leads me to think that I may have been working on the dashboard with expired visit credentials and the UI is just not developed to the point of providing that advice or prompting to log in.
As a side note, I have found similar issues attempting to remove READ privileges to collections through the Manage Client view on the dashboard. When removing READ privileges for a given Collection and hitting Save, the Add Privilege window would close yet the Role would retain the same READ privilege. I had to delete from the Schema view. This issue is not because of any expired visit credentials and persists.
I think the documentation here is sufficient though perhaps making the above problems disappear would make coordination more intuitive.
I’m glad to hear the issue got resolved, although I’m sorry about the issues you had with the dashboard.
I’ll see if I can reproduce these issues now. If so, I’ll pass this along to the team. Thanks again!
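Added example, not part of the thread and not Fauna's own tooling: since the dashboard's saved state and the role schema disagreed in both directions here (a call privilege that was not persisted, a READ privilege that would not go away), this Python sketch audits the FSL role text itself. The sample schema is constructed, `Calendar` is a hypothetical collection name, and the parser assumes a schema without comments.

```python
import re
# Constructed sample of an exported role schema. "Calendar" is a hypothetical
# collection name; the function names are the ones used in the thread.
SAMPLE_SCHEMA = """
role Client {
  privileges FindCountryCalendar {
    call
  }
  privileges Calendar {
    read
  }
}
"""

def _block(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in schema")

def role_privileges(schema, role):
    """Map each resource named in the role to the set of actions granted on it."""
    m = re.search(r"\brole\s+%s\s*\{" % re.escape(role), schema)
    if m is None:
        raise KeyError(role)
    body = _block(schema, m.end() - 1)
    grants = {}
    for p in re.finditer(r"\bprivileges\s+(\w+)\s*\{", body):
        inner, n = _block(body, p.end() - 1), 1
        while n:  # strip nested predicate bodies, innermost first
            inner, n = re.subn(r"\{[^{}]*\}", "", inner)
        grants.setdefault(p.group(1), set()).update(re.findall(r"\w+", inner))
    return grants

def audit(schema, role, expected_calls):
    """Return (UDFs lacking `call`, grants on resources outside expected_calls)."""
    grants = role_privileges(schema, role)
    missing = sorted(f for f in expected_calls if "call" not in grants.get(f, ()))
    extra = {r: sorted(a) for r, a in grants.items() if r not in expected_calls}
    return missing, extra

if __name__ == "__main__":
    print(audit(SAMPLE_SCHEMA, "Client", ["findLocationHash", "FindCountryCalendar"]))
```

An empty `missing` list and an empty `extra` dict mean the role can call exactly the listed UDFs and holds no collection privileges.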