Roles and Permission
Every bSQL database securable has permissions that can be granted to both database users and database roles. While there are a few built-in roles, the general idea is to create roles and assign users the minimal set of permissions they need to perform their function.
Permissions
- MANAGEMENT: Gives the database principal management rights on blockchain containers.
- AUTH: Gives the database principal security rights on users and encryption keys.
- ALTER: Gives the database principal mutation rights on a blockchain container's column structure and its corresponding index representations.
- WRITE: Gives the database principal mutation rights on a blockchain container's records and is inclusive of INSERT, AMEND, and DISCONTINUE permissions.
- INSERT: Gives the database principal record insertion rights on a blockchain container.
- AMEND: Gives the database principal record update rights on a blockchain container.
- DISCONTINUE: Gives the database principal record deletion rights on a blockchain container.
- READ: Gives the database principal query rights on a blockchain container.
Command Requirements
Each bSQL command requires a different set of permissions to run.
| bSQL command | Permission required |
|---|---|
| CREATE DATABASE | MANAGEMENT on master |
| CREATE LOGIN | MANAGEMENT on master |
| CHECK VALIDITY | MANAGEMENT on master |
| CREATE BLOCKCHAIN | MANAGEMENT |
| CREATE SHARED | MANAGEMENT |
| CONNECT blockchain | MANAGEMENT |
| DISCONNECT blockchain | MANAGEMENT |
| DROP blockchain | MANAGEMENT |
| RESTORE | MANAGEMENT |
| BACKUP | MANAGEMENT |
| BUILD STATS | MANAGEMENT |
| DROP STATS | MANAGEMENT |
| AUTO BUILD | MANAGEMENT |
| CREATE KEY | AUTH |
| CREATE ROLE | AUTH |
| DROP ROLE | AUTH |
| ALTER ROLE | AUTH |
| ALTER BLOCKCHAIN | ALTER |
| CREATE INDEX | ALTER |
| DROP INDEX | ALTER |
| INSERT | WRITE or INSERT |
| STORE FILE | WRITE or INSERT |
| AMEND | WRITE or AMEND |
| DISCONTINUE | WRITE or DISCONTINUE |
| SELECT | READ |
| CHECK EXISTS | READ |
| DESCRIBE | READ |
| EXPORT FILE | READ |
| READ DIGEST | READ |
| VALIDATE DIGEST | READ |
NOTE: Transaction-specific commands do not require permissions to run.
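
One way to check a custom role against the table above, as an added example that is not part of the bSQL documentation or project code: it computes the narrowest permissions a set of commands requires and flags grants that exceed them. All function and variable names are assumptions, and container scope is modelled only as a flag for the three commands that need MANAGEMENT on master.

```python
# Added example, not bSQL project code: a least-privilege audit built from the
# command/permission table on this page. All names here are assumptions.
# Narrowest permission satisfying each command (row labels uppercased).
# Transaction-specific commands need no permission and are not listed.
NARROWEST = {cmd: perm for perm, cmds in {
    "MANAGEMENT": ["CREATE DATABASE", "CREATE LOGIN", "CHECK VALIDITY",
                   "CREATE BLOCKCHAIN", "CREATE SHARED", "CONNECT BLOCKCHAIN",
                   "DISCONNECT BLOCKCHAIN", "DROP BLOCKCHAIN", "RESTORE",
                   "BACKUP", "BUILD STATS", "DROP STATS", "AUTO BUILD"],
    "AUTH": ["CREATE KEY", "CREATE ROLE", "DROP ROLE", "ALTER ROLE"],
    "ALTER": ["ALTER BLOCKCHAIN", "CREATE INDEX", "DROP INDEX"],
    "INSERT": ["INSERT", "STORE FILE"],
    "AMEND": ["AMEND"],
    "DISCONTINUE": ["DISCONTINUE"],
    "READ": ["SELECT", "CHECK EXISTS", "DESCRIBE", "EXPORT FILE",
             "READ DIGEST", "VALIDATE DIGEST"],
}.items() for cmd in cmds}
WRITE_IMPLIES = {"INSERT", "AMEND", "DISCONTINUE"}  # WRITE is inclusive of these
MASTER_ONLY = {"CREATE DATABASE", "CREATE LOGIN", "CHECK VALIDITY"}

def minimal_grants(commands):
    """Smallest permission set that lets a role run every command given."""
    needed = set()
    for cmd in commands:
        key = cmd.upper()
        if key not in NARROWEST:  # fail closed on anything outside the table
            raise ValueError(f"unknown command: {cmd!r}")
        needed.add(NARROWEST[key])
    return needed

def audit(granted, commands):
    """Compare a role's granted permissions with what its commands require."""
    granted = {p.upper() for p in granted}
    needed = minimal_grants(commands)
    effective = granted | (WRITE_IMPLIES if "WRITE" in granted else set())
    excess = {p for p in granted if p != "WRITE" and p not in needed}
    if "WRITE" in granted and not WRITE_IMPLIES <= needed:
        excess.add("WRITE")  # broader than the writes the role actually performs
    return {
        "missing": needed - effective,
        "excess": excess,
        "recommended": needed,
        "needs_master_scope": any(c.upper() in MASTER_ONLY for c in commands),
    }

# Constructed sample: an ingestion service that only inserts and reads, but was
# given the four permissions the page lists for the built-in devoloper role.
REPORT = audit({"MANAGEMENT", "ALTER", "WRITE", "READ"},
               ["INSERT", "STORE FILE", "SELECT"])
```

A non-empty `excess` set means the role can be narrowed to `recommended` without breaking any of the listed commands.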
Every bSQL database comes with three built-in database roles.
Database Roles
- admin: The admin role has all permissions on the entire database including the system containers.
- devoloper: The devoloper role has MANAGEMENT, ALTER, WRITE, and READ permissions on all user defined blockchain containers.
- reader: The reader role has READ permissions on all user defined blockchain containers.
Custom Roles can be created and managed using the following commands: