
How to permission a document that cannot be deleted by a client user and can be modified only?


How to permission a document that can be modified by a client but not deleted?

Does RavenDB have a notion of document permissions for admin & non-admin users like in other relational databases?

I have a set of documents which will be created only from the RavenDB Dashboard. I want to prevent this handful of documents from being deleted by the client.

Although client should be able to "modify" them, by "modify" I mean append only.


Solution

  • I am assuming we are talking about the 4.x version of RavenDB.

    In short, no, it is not possible with out-of-the-box functionality. Authentication and authorization in RavenDB are based on certificates, and functionality-wise this is different from what you would typically find in major RDBMS databases. You can assign roles per client certificate, and those roles have a pre-defined set of operations they can access. You can also restrict which databases a certain certificate can access. But you cannot restrict certain client certificates from deleting a document while allowing them to do other operations. Take a look at the documentation article for more information: https://ravendb.net/docs/article-page/4.2/csharp/server/security/authorization/security-clearance-and-permissions

    If I needed to implement such functionality, I would probably place such logic in the DAL layer of the application itself.
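
A sketch of the DAL-layer enforcement suggested in the answer above, added here as an example and not taken from the original post or from RavenDB. `InMemoryStore` is a constructed stand-in for the database (not the RavenDB client API), and `GuardedRepository`, `ProtectedDocumentError` and the `entries` field are hypothetical names; "append only" is assumed to mean that a list field may only grow while every other field stays unchanged.

```python
import copy


class ProtectedDocumentError(Exception):
    """Raised when the DAL refuses an operation on a protected document."""


class InMemoryStore:
    """Constructed stand-in for a document store; not the RavenDB client."""

    def __init__(self):
        self.docs = {}

    def load(self, doc_id):
        return copy.deepcopy(self.docs.get(doc_id))

    def save(self, doc_id, doc):
        self.docs[doc_id] = copy.deepcopy(doc)

    def delete(self, doc_id):
        self.docs.pop(doc_id, None)


class GuardedRepository:
    """DAL wrapper: protected documents cannot be deleted, only appended to."""

    def __init__(self, store, protected_ids, list_field="entries"):
        self._store = store
        self._protected = frozenset(protected_ids)
        self._field = list_field  # assumed name of the append-only list

    def delete(self, doc_id):
        if doc_id in self._protected:
            raise ProtectedDocumentError(f"delete denied for {doc_id}")
        self._store.delete(doc_id)

    def save(self, doc_id, new_doc):
        if doc_id in self._protected:
            old = self._store.load(doc_id)
            if old is None:
                raise ProtectedDocumentError(f"{doc_id} is not created by clients")
            old_items = old.get(self._field, [])
            new_items = new_doc.get(self._field, [])
            # Append-only: other fields unchanged, old entries kept as a prefix.
            rest = lambda d: {k: v for k, v in d.items() if k != self._field}
            ok = isinstance(new_items, list) and new_items[:len(old_items)] == old_items
            if rest(old) != rest(new_doc) or not ok:
                raise ProtectedDocumentError(f"{doc_id} is append-only")
        self._store.save(doc_id, new_doc)
```

Because the client certificate itself still permits deletes, this guard only holds when clients reach the database exclusively through this layer and never hold a certificate of their own.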