import TabItem from "@theme/TabItem"; import Tabs from "@theme/Tabs";
Role Authorization
The Role Authorization API provides permission control based on RBAC. When a user creates a table, they automatically become the owner of that table, and all users have read access by default. If you want to write data to a table, the table owner must grant you writer permissions for both the database and the table.
Access Control
You must be the owner of the database being operated on to conduct this operation.
Roles and Permissions
| Authorized Object | Role | Description | Permissions |
|---|---|---|---|
| Database | reader | Read-only user; Default permission | - |
| Database | writer | Write user | Create table |
| Database | owner | Owner | Create table, user authorization |
| Table | reader | Read-only user; Default permission | Read data |
| Table | writer | Write user | Read data, write data |
| Table | owner | Owner | Delete table, modify table structure, read data, write data, user authorization |
Authorization Using SDK
The SDK provides methods to authorize other users with read permission, write permission, and owner permission, respectively. For example, if we want to authorize another user with permissions for the bookshop.book table that we created, we can follow the example below.
Database Authorization
<Tabs defaultValue="Python" values={[ { label: "Python", value: "Python" }, { label: "JavaScript", value: "JavaScript" }, { label: "Golang", value: "Golang" }, ]}
Python SDK provides methods grant_reader(), grant_writer(), and grant_owner() to grant other users read permission, write permission, and owner permission for a database, respectively.
db=client.db(mk)
anotherUserAddress = "glitter1jcrujq86f6pn4mur9krn44x4a4rgkdqvfx4axt"
db.grant_reader(anotherUserAddress, "bookshop")
db.grant_writer(anotherUserAddress, "bookshop")
db.grant_owner(anotherUserAddress, "bookshop")
Python SDK provides methods grantReader(), grantWriter(), and grantOwner() to grant other users read permission, write permission, and owner permission for a database, respectively.
const db = client.db(mk);
const anotherUserAddress = "glitter1jcrujq86f6pn4mur9krn44x4a4rgkdqvfx4axt";
await db.grantReader(anotherUserAddress, "bookshop");
await db.grantWriter(anotherUserAddress, "bookshop");
await db.grantOwner(anotherUserAddress, "bookshop");
Golang SDK provides methods GrantReader(), GrantWriter(), and GrantOwner() to grant other users read permission, write permission, and owner permission for a database, respectively.
anotherUserAddress := "glitter1jcrujq86f6pn4mur9krn44x4a4rgkdqvfx4axt"
grantWriterResponse, err := glitterClient.GrantReader(ctx, "bookshop", "", anotherUserAddress)
grantWriterResponse, err := glitterClient.GrantWriter(ctx, "bookshop", "", anotherUserAddress)
grantWriterResponse, err := glitterClient.GrantOwner(ctx, "bookshop", "", anotherUserAddress)
Table Authorization
Table authorization uses the same methods as database authorization, but with the addition of the table parameter.
<Tabs defaultValue="Python" values={[ { label: "Python", value: "Python" }, { label: "JavaScript", value: "JavaScript" }, { label: "Golang", value: "Golang" }, ]}
Python SDK provides methods grant_reader(), grant_writer(), and grant_owner() to grant other users read permission, write permission, and owner permission for a table, respectively.
db=client.db(mk)
anotherUserAddress = "glitter1jcrujq86f6pn4mur9krn44x4a4rgkdqvfx4axt"
db.grant_reader(anotherUserAddress, "bookshop", "book")
db.grant_writer(anotherUserAddress, "bookshop", "book")
db.grant_owner(anotherUserAddress, "bookshop", "book")
Golang SDK provides methods GrantReader(), GrantWriter(), and GrantOwner() to grant other users read permission, write permission, and owner permission for a table, respectively.
anotherUserAddress = "glitter1jcrujq86f6pn4mur9krn44x4a4rgkdqvfx4axt"
grantWriterResponse, err := glitterClient.GrantReader(ctx, "bookshop", "book", anotherUserAddress)
grantWriterResponse, err := glitterClient.GrantWriter(ctx, "bookshop", "book", anotherUserAddress)
grantWriterResponse, err := glitterClient.GrantOwner(ctx, "bookshop", "book", anotherUserAddress)