Read only auth for graphql

jorfermo · April 14, 2021, 8:04am

Im trying to generate a token with read only permissions through the graphql endpoint.

First attempt as per the doc here: Keys | Fauna Documentation I tried to create a new Key using the server-readonly role but it’s missing when I try to select it in the dropdown:

My second attempt has been creating a new Role with this privileges:

After issuing the key and trying to perform a query I’m getting this response:

{
    "errors": [
        {
            "message": "Insufficient privileges to perform the action.",
            "extensions": {
                "code": "permission denied"
            }
        }
    ]
}

I’ve tried an admin key to rule out other problems and it works fine.

What am I missing? What’s the recommended way to create an auth key that has read only access to all the db through graphql?

ptpaterson · April 14, 2021, 1:29pm

Privileges on the schemas actually let you read/write the Collections, Functions, Indexes, etc. themselves. They do not apply broad permissions to the Documents in various Collections.

So if you have create privilege for the collections schema, that would give you permission to use CreateCollection, for example.

I didn’t know about server-readonly!! That could be super useful. It’s a bummer if it doesn’t show up in the dashboard.

You can still create one in the shell though,

CreateKey({
  role: 'server-readonly',
  data: {
    name: 'My Readonly Server Key'
  }
})

jorfermo · April 14, 2021, 2:03pm

thanks, @ptpaterson. Exactly what I needed

Topic		Replies	Views
GraphQL only role Feature Requests graphql , feature-request	6	594	February 28, 2023
Authenticated user doesn't have permission to create documents Help	3	1409	April 18, 2023
Roles membership auth token permissions denied Help	3	428	May 4, 2021
Serving secrets Help authentication , best-practices	2	354	June 3, 2021
Auth0 with graphql Help graphql , authentication	6	345	October 5, 2021

Read only auth for graphql

Related Topics