Write a predicate function that permits deleting a database with a defined name

I want to create a user (role) that will be permitted to delete a database with a defined name (for safe automation testing).
I can’t understand why my function does not work (permission denied when I try “request as” from the shell):

Lambda("ref", Equals(Select(["name"], Get(Var("ref"))), "test_database"))

The template of the predicate function uses data:

Lambda("ref", Equals(
  Identity(), // logged in user
  Select(["data", "owner"], Get(Var("ref")))
))

…but there is no data in:

Get(Database("name"))

It returns:

{
  ref: Database("somecompanyname_34f64628-a8f4-4e2d-969f-da45e8a04966"),
  ts: 1648236978107000,
  name: "somecompanyname_34f64628-a8f4-4e2d-969f-da45e8a04966",
  global_id: "y1fdmb3qcyfr1"
}

There is some confusion here. Please help me write a function.

Does the logged-in identity belong to the parent database or the child database? If it belongs to the child database, it cannot access the parent database’s context in order to see the child database by name.

Can you show us the full Role definition as you currently have it?

If there is no data.owner field in your database, then the Role will always fail. That is, Select(["data", "owner"], Get(Var("ref"))) will error, since the path does not exist.

You will need to assign the owner.

Update(Database("name"), {
  data: {
    owner: Ref(Collection("user"), "101") // or whatever the owner actually is
  }
})