Read only auth for graphql

Im trying to generate a token with read only permissions through the graphql endpoint.

First attempt as per the doc here: Keys | Fauna Documentation I tried to create a new Key using the server-readonly role but it’s missing when I try to select it in the dropdown:


My second attempt has been creating a new Role with this privileges:

After issuing the key and trying to perform a query I’m getting this response:

    "errors": [
            "message": "Insufficient privileges to perform the action.",
            "extensions": {
                "code": "permission denied"

I’ve tried an admin key to rule out other problems and it works fine.

What am I missing? What’s the recommended way to create an auth key that has read only access to all the db through graphql?

Privileges on the schemas actually let you read/write the Collections, Functions, Indexes, etc. themselves. They do not apply broad permissions to the Documents in various Collections.

So if you have create privilege for the collections schema, that would give you permission to use CreateCollection, for example.

I didn’t know about server-readonly!! That could be super useful. It’s a bummer if it doesn’t show up in the dashboard.

You can still create one in the shell though,

  role: 'server-readonly',
  data: {
    name: 'My Readonly Server Key'
1 Like

thanks, @ptpaterson. Exactly what I needed