API Permissions
Users can set access permissions for API Keys using the GDN Console GUI. Permissions can be assigned default values, or be configured granularly at the Database, Collections, or Streams level.
To set access permissions for an API Key, click "Account" on the left-hand side of the GDN window. Click "API Keys", and then click the ID of the key that you want to configure.
Database (Fabric) Access Permission:
Users can configure API Key access permissions for Databases (Fabrics) and Billing. Each key can be set to one of three levels of access, detailed below. This is the highest level of access permission that can be configured.
Database: A list of all fabrics on the tenant. API Key permission can be set at the fabric level.
Administrate: Allows creating/dropping of collections and setting permissions in the database.
Access: Allows Read access to the database. The API Key cannot create or drop collections.
No Access: API Key has no access to the database.
Use Default: Access level is unspecified. Database default will be used.
Default * access level for API Key:
* (asterisk): The default access level for databases (fabrics). If the authentication level is not specified, the permission will be set to No access (default).
Collection/Streams Access Permission:
Click on a fabric to open dropdown menus for collections and streams.
Collections: A list of collections created on the selected fabric.
Read/Write: The API Key has access to Read and Write to the specified collection.
Read only: The API Key has access to Read from the specified collection.
No access: The API Key has no access to this collection.
Use default: The default database * option will be used for the API Key.
Streams: A list of streams created on the selected fabric.
Read/Write: The API Key has access to Read and Write to the specified stream.
Read only: The API Key has access to Read from the specified stream.
No access: The API Key has no access to this stream.
Use default: The default database * option will be used for the API Key.
Billing permission for API Key:
Read/Write: The API Key has access to Read and Write to the Billing API.
Read only: The API Key has access to Read from the Billing API.
No access: The API Key has no access to the Billing API.
Use default: The default database * option will be used for the API Key.
Permissions Hierarchy:
Because API Key permissions can be set at multiple levels, it is important to understand how the hierarchy works between those levels. First, we will examine the default Database level. No access will be granted if the "Use Default" option is selected at the Database level. The default permission level is "No Access" and this value cannot be modified.
To grant access at the database level, you must select the "Access" or "Administrate" permission level. Collection and Stream level permissions will inherit from the database level permissions or the collection level permissions, whichever provides greater access.
For example, the database "_system" has its permission set to "Access", which is a Read only permission. At the collection level, the default permission is set to Read/Write and all collections are set to "Use Default". The API Key will be able to Read/Write to the collections on the "_system" database because the collection level permission is higher than the database level permission.
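The hierarchy described above can be modelled to check a key for least privilege before it is issued. This is an added example, not Macrometa code, and it makes no GDN API calls. It assumes that "Administrate" implies Read/Write on data, that an unspecified collection default means No access, and that the "greater access wins" rule applies literally to explicit settings; the collection names are hypothetical.

```python
# Added example: models the hierarchy rules as stated on this page.
RANK = {"No access": 0, "Read only": 1, "Read/Write": 2}

# Data access implied by each database-level setting.
# "Access" is Read only per the page; "Administrate" as Read/Write is an assumption.
DB_TO_DATA = {
    "Administrate": "Read/Write",
    "Access": "Read only",
    "No Access": "No access",
    "Use Default": "No access",  # database default is "No Access", not modifiable
}

def effective_access(db_level, default_level, item_level):
    """Effective access for one collection or stream.

    db_level:      database (fabric) setting for the key
    default_level: the "*" default for collections/streams on that database
    item_level:    the item's own setting, possibly "Use default"
    """
    inherited = DB_TO_DATA[db_level]
    own = default_level if item_level == "Use default" else item_level
    if own == "Use default":  # assumption: unspecified default means no access
        own = "No access"
    # Page rule: whichever level provides greater access wins.
    return max(inherited, own, key=RANK.__getitem__)

def audit_key(db_level, default_level, items):
    """Return (name, effective, db_implied) for every item whose effective
    access is broader than the database-level setting alone implies."""
    implied = DB_TO_DATA[db_level]
    findings = []
    for name, level in sorted(items.items()):
        eff = effective_access(db_level, default_level, level)
        if RANK[eff] > RANK[implied]:
            findings.append((name, eff, implied))
    return findings

# Constructed sample mirroring the "_system" example above.
SAMPLE = {"orders": "Use default", "audit_log": "Read only", "tmp": "No access"}

if __name__ == "__main__":
    for name, eff, implied in audit_key("Access", "Read/Write", SAMPLE):
        print(f"{name}: effective {eff}, database level implies {implied}")
```

Any row it reports is a collection or stream where the key can do more than the database-level setting suggests, which is the case to review when a key is meant to be read-only.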