WeaviateEx.RBAC.Permissions (WeaviateEx v0.7.4)
View SourceBuilder API for constructing RBAC permissions.
This module provides a fluent API for creating permissions that can be assigned
to roles. Each builder function returns either a single Permission struct or
a list of Permission structs (when multiple actions are specified).
Examples
# Full access to a collection
Permissions.collections("Article", [:create, :read, :update, :delete])
# Read data from specific tenant
Permissions.data("Article", :read, tenant: "tenant-a")
# Manage all backups
Permissions.backups(:manage)
# Verbose node info
Permissions.nodes(:verbose)
# Multiple permissions for a role
permissions = [
Permissions.collections("Article", [:read, :update]),
Permissions.data("Article", [:read, :create]),
Permissions.cluster()
]Wildcards
Use :all to create permissions that apply to all resources:
Permissions.collections(:all, :read) # Read all collections
Permissions.data(:all, :read) # Read data from all collections
Permissions.users(:all, :read) # Read all usersSummary
Functions
Create alias permission(s).
Create backups permission.
Create cluster permission.
Create collections permission(s).
Create data permission(s).
Flatten a nested structure of permissions into a single list.
Create groups permission(s) (OIDC groups).
Create nodes permission.
Create replicate permission(s).
Create roles permission(s).
Create tenants permission(s).
Create users permission(s).
Types
Functions
@spec alias_permission(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create alias permission(s).
Named alias_permission because alias is a reserved word in Elixir.
Parameters
alias_name- Alias name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actions
Examples
Permissions.alias_permission("my-alias", :create)
Permissions.alias_permission(:all, [:create, :read, :delete])@spec alias_permission(name_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec backups(atom()) :: WeaviateEx.RBAC.Permission.t()
Create backups permission.
Parameters
action- Action atom (typically:manage). Defaults to:manage.
Examples
Permissions.backups()
Permissions.backups(:manage)@spec cluster(atom()) :: WeaviateEx.RBAC.Permission.t()
Create cluster permission.
Parameters
action- Action atom (typically:read). Defaults to:read.
Examples
Permissions.cluster()
Permissions.cluster(:read)@spec collections(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create collections permission(s).
Parameters
collection- Collection name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actions
Examples
Permissions.collections("Article", :read)
Permissions.collections("Article", [:create, :read, :update])
Permissions.collections(:all, :manage)
Permissions.collections(:read) # All collections, single action@spec collections(collection_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec data(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create data permission(s).
Parameters
collection- Collection name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actionsopts- Optional filters::tenant- Filter by tenant (or:allfor wildcard):object- Filter by object UUID
Examples
Permissions.data("Article", :read)
Permissions.data("Article", :read, tenant: "tenant-a")
Permissions.data("Article", [:create, :update], tenant: :all)@spec data(collection_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec data(collection_or_all(), actions(), keyword()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec flatten( WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]] ) :: [WeaviateEx.RBAC.Permission.t()]
Flatten a nested structure of permissions into a single list.
Useful when combining multiple permission builders.
Examples
nested = [
Permissions.collections("A", [:read, :update]),
[Permissions.cluster(), Permissions.nodes()]
]
Permissions.flatten(nested)
# => [%Permission{}, %Permission{}, %Permission{}, %Permission{}]@spec groups(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create groups permission(s) (OIDC groups).
Parameters
group- Group name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actions
Examples
Permissions.groups("engineering", :read)
Permissions.groups(:all, :assign_and_revoke)@spec groups(name_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec nodes( :minimal | :verbose, keyword() ) :: WeaviateEx.RBAC.Permission.t()
Create nodes permission.
Parameters
verbosity-:minimalor:verbose. Defaults to:minimal.opts- Optional keyword list::collection- Filter to specific collection (only valid with:verbose)
Examples
Permissions.nodes() # Minimal verbosity
Permissions.nodes(:minimal)
Permissions.nodes(:verbose)
# With collection filter (verbose only)
Permissions.nodes(:verbose, collection: "Article")@spec replicate(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create replicate permission(s).
Parameters
collection- Collection name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actions
Examples
Permissions.replicate("Article", :create)
Permissions.replicate(:all, [:create, :read])@spec replicate(collection_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec roles(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create roles permission(s).
Parameters
role- Role name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actionsopts- Optional filters::scope- Permission scope::matchor:all
Examples
Permissions.roles("admin", :read)
Permissions.roles(:all, [:create, :read, :delete])
Permissions.roles("admin", :read, scope: :match)
Permissions.roles("*", :manage, scope: :all)@spec roles(name_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec roles(name_or_all(), actions(), keyword()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec tenants(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create tenants permission(s).
Parameters
collection- Collection name or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actionsopts- Optional filters::tenant- Filter by specific tenant
Examples
Permissions.tenants("MyCollection", :create)
Permissions.tenants("MyCollection", [:create, :read, :delete])
Permissions.tenants(:all, :read, tenant: "tenant-a")@spec tenants(collection_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec tenants(collection_or_all(), actions(), keyword()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
@spec users(actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]
Create users permission(s).
Parameters
user- User ID or:allfor wildcard. Defaults to"*".actions- Single action atom or list of actions
Examples
Permissions.users("john", :read)
Permissions.users(:all, :assign_and_revoke)@spec users(name_or_all(), actions()) :: WeaviateEx.RBAC.Permission.t() | [WeaviateEx.RBAC.Permission.t()]