Skip to content

Commit

Permalink
Add info on default permissions (#766)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dhghomon
Dhghomon authored Aug 20, 2024
1 parent 2dbd59a commit c42e556
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 3 deletions.
22 changes: 19 additions & 3 deletions doc-surrealdb_versioned_docs/version-latest/surrealql/statements/define/field.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,9 +219,27 @@ The `OVERWRITE` clause can be used to create a field and overwrite an existing o
DEFINE FIELD OVERWRITE example ON TABLE user TYPE string;
```


### Setting permissions on fields

By default, the permissions on a field will be set to FULL unless otherwise specified.

```surql
DEFINE FIELD info ON TABLE some_table TYPE string;
INFO FOR TABLE some_table;
```

```bash title="Response"
{
events: {},
fields: {
info: 'DEFINE FIELD info ON some_table TYPE string PERMISSIONS FULL'
},
indexes: {},
lives: {},
tables: {}
}
```

You can set permissions on fields to control who can perform operations on them using the `PERMISSIONS` clause. The `PERMISSIONS` clause can be used to set permissions for `SELECT`, `CREATE`, `UPDATE`, and `DELETE` operations.

```surql
Expand All @@ -233,8 +251,6 @@ DEFINE FIELD email ON TABLE user
FOR delete WHERE user=$auth.id OR $auth.role="admin";
```

The `PERMISSIONS` clause can also be used to set permissions for all operations using the `FULL` keyword.

## Array with allowed values
By using an Access Control List as an example we can show how we can restrict what values can be stored in an array. In this example we are using an array to store the permissions for a user on a resource. The permissions are restricted to a specific set of values.

Expand Down
25 changes: 25 additions & 0 deletions doc-surrealdb_versioned_docs/version-latest/surrealql/statements/define/table.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -287,6 +287,31 @@ As mentioned though, there are a few limitations to keep in mind.

### Defining permissions

By default, the permissions on a table will be set to NONE unless otherwise specified.

```surql
CREATE some_table;
DEFINE TABLE some_other_table;
INFO FOR DB;
```

```bash title="Response"
{
analyzers: {},
functions: {},
models: {},
params: {},
scopes: {},
tables: {
some_other_table: 'DEFINE TABLE some_other_table TYPE ANY SCHEMALESS PERMISSIONS NONE',
some_table: 'DEFINE TABLE some_table TYPE ANY SCHEMALESS PERMISSIONS NONE'
},
tokens: {},
users: {}
}
```

The following shows how to set table level `PERMISSIONS` using the `DEFINE TABLE` statement. This allows you to set independent permissions for selecting, creating, updating, and deleting data.

```surql
Expand Down

0 comments on commit c42e556

Please sign in to comment.