WeaviateEx.API.RBAC (WeaviateEx v0.7.4)
Role-Based Access Control operations.
This module provides API operations for managing roles and permissions in Weaviate's RBAC system. Use this module to create, modify, and query roles.
Examples
# Short aliases for the API module and the permission builders used below.
alias WeaviateEx.API.RBAC
alias WeaviateEx.RBAC.Permissions
# Create a role with permissions.
# `client` is assumed to be an already-configured WeaviateEx client (not shown in this example).
# The role is limited to the "Article" collection: :read via Permissions.collections,
# and :read / :create via Permissions.data. Nothing else is granted.
permissions = [
Permissions.collections("Article", [:read]),
Permissions.data("Article", [:read, :create])
]
{:ok, role} = RBAC.create_role(client, "article-reader", permissions)
# List all roles
{:ok, roles} = RBAC.list_roles(client)
# Check if role has permission.
# Matching on {:ok, true} raises MatchError for {:ok, false} or {:error, _},
# so execution only continues past this line when the permission is confirmed.
permission = Permissions.data("Article", :read)
{:ok, true} = RBAC.has_permissions?(client, "article-reader", [permission])
# Delete role
:ok = RBAC.delete_role(client, "article-reader")
Summary
Functions
Add permissions to an existing role.
Create a role with permissions.
Delete a role.
Check if a role exists.
Get groups assigned to a role with type information.
Get groups assigned to a role.
Get a role by name.
Get users assigned to a role with type information.
Get users assigned to a role.
Check if a role has specific permissions.
List all roles.
Remove permissions from a role.
Types
@type opts() :: keyword()
Functions
@spec add_permissions( WeaviateEx.Client.t(), String.t(), [WeaviateEx.RBAC.Permission.t()] | WeaviateEx.RBAC.Permission.t(), opts() ) :: :ok | {:error, WeaviateEx.Error.t()}
Add permissions to an existing role.
Examples
permissions = [Permissions.data("Product", :read)]
:ok = RBAC.add_permissions(client, "editor", permissions)
@spec create_role( WeaviateEx.Client.t(), String.t(), [WeaviateEx.RBAC.Permission.t()] | WeaviateEx.RBAC.Permission.t(), opts() ) :: {:ok, WeaviateEx.RBAC.Role.t()} | {:error, WeaviateEx.Error.t()}
Create a role with permissions.
Parameters
- `client` - WeaviateEx client
- `role_name` - Name for the new role
- `permissions` - List of permissions (or nested lists that will be flattened)
Examples
permissions = [
Permissions.collections("Article", :read),
Permissions.data("Article", [:create, :read])
]
{:ok, role} = RBAC.create_role(client, "article-editor", permissions)
@spec delete_role(WeaviateEx.Client.t(), String.t(), opts()) :: :ok | {:error, WeaviateEx.Error.t()}
Delete a role.
Examples
:ok = RBAC.delete_role(client, "old-role")
@spec exists?(WeaviateEx.Client.t(), String.t(), opts()) :: {:ok, boolean()} | {:error, WeaviateEx.Error.t()}
Check if a role exists.
Examples
{:ok, true} = RBAC.exists?(client, "admin")
{:ok, false} = RBAC.exists?(client, "nonexistent")
@spec get_group_assignments(WeaviateEx.Client.t(), String.t(), opts()) :: {:ok, [WeaviateEx.RBAC.GroupAssignment.t()]} | {:error, WeaviateEx.Error.t()}
Get groups assigned to a role with type information.
Returns a list of GroupAssignment structs containing group ID and type.
Currently, only OIDC groups are supported.
Examples
{:ok, assignments} = RBAC.get_group_assignments(client, "viewer")
for assignment <- assignments do
IO.puts("#{assignment.group_id} (#{assignment.group_type})")
end
Returns
- `{:ok, [GroupAssignment.t()]}` - List of group assignments with types
- `{:error, Error.t()}` - Error if request fails
@spec get_groups_for_role(WeaviateEx.Client.t(), String.t(), opts()) :: {:ok, [String.t()]} | {:error, WeaviateEx.Error.t()}
Get groups assigned to a role.
Examples
{:ok, groups} = RBAC.get_groups_for_role(client, "editor")
@spec get_role(WeaviateEx.Client.t(), String.t(), opts()) :: {:ok, WeaviateEx.RBAC.Role.t()} | {:error, WeaviateEx.Error.t()}
Get a role by name.
Examples
{:ok, role} = RBAC.get_role(client, "editor")
@spec get_user_assignments(WeaviateEx.Client.t(), String.t(), opts()) :: {:ok, [WeaviateEx.RBAC.UserAssignment.t()]} | {:error, WeaviateEx.Error.t()}
Get users assigned to a role with type information.
Returns a list of UserAssignment structs containing user ID and type.
The user type indicates how the user was created/authenticated:
- `:db_user` - Database-backed user
- `:db_env_user` - Database user from environment variables
- `:oidc` - OpenID Connect authenticated user
Examples
{:ok, assignments} = RBAC.get_user_assignments(client, "editor")
for assignment <- assignments do
IO.puts("#{assignment.user_id} (#{assignment.user_type})")
end
Returns
- `{:ok, [UserAssignment.t()]}` - List of user assignments with types
- `{:error, Error.t()}` - Error if request fails
@spec get_users_for_role(WeaviateEx.Client.t(), String.t(), opts()) :: {:ok, [String.t()]} | {:error, WeaviateEx.Error.t()}
Get users assigned to a role.
Examples
{:ok, users} = RBAC.get_users_for_role(client, "editor")
@spec has_permissions?( WeaviateEx.Client.t(), String.t(), [WeaviateEx.RBAC.Permission.t()] | WeaviateEx.RBAC.Permission.t(), opts() ) :: {:ok, boolean()} | {:error, WeaviateEx.Error.t()}
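Check if a role has specific permissions.
The result is `{:ok, boolean()}` on success or `{:error, Error.t()}` if the request fails; when the result gates an action, only `{:ok, true}` should be treated as a grant.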
Examples
permissions = [Permissions.data("Article", :read)]
{:ok, true} = RBAC.has_permissions?(client, "reader", permissions)
@spec list_roles(WeaviateEx.Client.t(), opts()) :: {:ok, [WeaviateEx.RBAC.Role.t()]} | {:error, WeaviateEx.Error.t()}
List all roles.
Examples
{:ok, roles} = RBAC.list_roles(client)
@spec remove_permissions( WeaviateEx.Client.t(), String.t(), [WeaviateEx.RBAC.Permission.t()] | WeaviateEx.RBAC.Permission.t(), opts() ) :: :ok | {:error, WeaviateEx.Error.t()}
Remove permissions from a role.
Examples
permissions = [Permissions.data("Product", :delete)]
:ok = RBAC.remove_permissions(client, "editor", permissions)