Read only auth for graphql

jorfermo · April 14, 2021, 8:04am

Im trying to generate a token with read only permissions through the graphql endpoint.

First attempt as per the doc here: Keys | Fauna Documentation I tried to create a new Key using the server-readonly role but it’s missing when I try to select it in the dropdown:

My second attempt has been creating a new Role with this privileges:

After issuing the key and trying to perform a query I’m getting this response:

{
    "errors": [
        {
            "message": "Insufficient privileges to perform the action.",
            "extensions": {
                "code": "permission denied"
            }
        }
    ]
}

I’ve tried an admin key to rule out other problems and it works fine.

What am I missing? What’s the recommended way to create an auth key that has read only access to all the db through graphql?

ptpaterson · April 14, 2021, 1:29pm

Privileges on the schemas actually let you read/write the Collections, Functions, Indexes, etc. themselves. They do not apply broad permissions to the Documents in various Collections.

So if you have create privilege for the collections schema, that would give you permission to use CreateCollection, for example.

I didn’t know about server-readonly!! That could be super useful. It’s a bummer if it doesn’t show up in the dashboard.

You can still create one in the shell though,

CreateKey({
  role: 'server-readonly',
  data: {
    name: 'My Readonly Server Key'
  }
})

jorfermo · April 14, 2021, 2:03pm

thanks, @ptpaterson. Exactly what I needed

Topic		Replies	Views
Authenticated user doesn't have permission to create documents Help	3	1521	April 18, 2023
Permission Denied Help graphql , javascript	7	938	November 25, 2021
Roles membership auth token permissions denied Help	3	474	May 4, 2021
Serving secrets Help authentication , best-practices	2	391	June 3, 2021
Auth0 with graphql Help graphql , authentication	6	382	October 5, 2021

Read only auth for graphql

Related topics