WeaviateEx.RBAC.Permission (WeaviateEx v0.7.4)

View Source

Represents a single permission in Weaviate RBAC.

A permission defines what action can be performed on which resources. Permissions are composed of:

  • type - The resource type (collections, data, tenants, etc.)
  • action - The allowed action (create, read, update, delete, manage, etc.)
  • filters - Optional restrictions on the permission scope

Filters by Type

TypeAvailable Filters
collectionscollection
datacollection, tenant, object
tenantscollection, tenant
rolesrole
usersuser
groupsgroup
nodesverbosity (:minimal or :verbose)
cluster(none)
backups(none)
replicatecollection
alias(none)

Examples

# Simple permission
Permission.new(:collections, :read)

# Permission with collection filter
Permission.new(:data, :create, collection: "Article")

# Permission with multiple filters
Permission.new(:data, :read, collection: "Article", tenant: "tenant-a")

# Nodes permission with verbosity
Permission.new(:nodes, :read, verbosity: :verbose)

Summary

Types

action()
permission_type()
role_scope()
t()
verbosity()

Functions

from_api(api_data)

Decode a permission from the Weaviate API response format.

new(type, action, opts \\ [])

Create a new permission with the given type, action, and optional filters.

to_api(permission)

Encode a permission to the Weaviate API format.

Types

action()

@type action() :: WeaviateEx.RBAC.Actions.action()

permission_type()

@type permission_type() :: WeaviateEx.RBAC.Actions.permission_type()

role_scope()

@type role_scope() :: :match | :all

t()

@type t() :: %WeaviateEx.RBAC.Permission{
  action: action(),
  collection: String.t() | nil,
  group: String.t() | nil,
  object: String.t() | nil,
  role: String.t() | nil,
  scope: role_scope() | nil,
  tenant: String.t() | nil,
  type: permission_type(),
  user: String.t() | nil,
  verbosity: verbosity() | nil
}

verbosity()

@type verbosity() :: :minimal | :verbose

Functions

from_api(api_data)

@spec from_api(map()) :: {:ok, t()} | {:error, String.t()}

Decode a permission from the Weaviate API response format.

Examples

{:ok, permission} = Permission.from_api(%{
  "action" => "read_data",
  "collection" => "Article"
})

new(type, action, opts \\ [])

@spec new(permission_type(), action(), keyword()) :: t()

Create a new permission with the given type, action, and optional filters.

Parameters

  • type - Permission type (e.g., :collections, :data, :tenants)
  • action - Action to allow (e.g., :create, :read, :update, :delete, :manage)
  • opts - Optional filters:
    • :collection - Filter by collection name
    • :tenant - Filter by tenant name
    • :object - Filter by object UUID
    • :role - Filter by role name
    • :user - Filter by user ID
    • :group - Filter by group name
    • :verbosity - For nodes permission: :minimal or :verbose
    • :scope - For roles permission: :match or :all

Examples

Permission.new(:collections, :read)
Permission.new(:data, :create, collection: "Article", tenant: "tenant-a")
Permission.new(:nodes, :read, verbosity: :verbose)
Permission.new(:roles, :read, role: "admin", scope: :match)

to_api(permission)

@spec to_api(t()) :: map()

Encode a permission to the Weaviate API format.

Examples

permission = Permission.new(:data, :read, collection: "Article")
Permission.to_api(permission)
# => %{"action" => "read_data", "collection" => "Article"}