
Roles and Permission

Every bSQL database securable has permissions that can be granted to both database users and database roles. While there are a few built-in roles, the general idea is to create roles and assign users only the minimal permissions they need to perform their function.

Permissions

  • MANAGEMENT: Gives the database principal management rights on blockchain containers.

  • AUTH: Gives the database principal security rights on users and encryption keys.

  • ALTER: Gives the database principal mutation rights on a blockchain container's column structure and its corresponding index representations.

  • WRITE: Gives the database principal mutation rights on a blockchain container's records and is inclusive of the INSERT, AMEND, and DISCONTINUE permissions.

  • INSERT: Gives the database principal record insertion rights on a blockchain container.

  • AMEND: Gives the database principal record update rights on a blockchain container.

  • DISCONTINUE: Gives the database principal record deletion rights on a blockchain container.

  • READ: Gives the database principal query rights on a blockchain container.

Command Requirements

Each bSQL command requires a different set of permissions to run.

| bSQL command | Permission required |
|---|---|
| CREATE DATABASE | MANAGEMENT on master |
| CREATE LOGIN | MANAGEMENT on master |
| CHECK VALIDITY | MANAGEMENT on master |
| CREATE BLOCKCHAIN | MANAGEMENT |
| CREATE SHARED | MANAGEMENT |
| CONNECT blockchain | MANAGEMENT |
| DISCONNECT blockchain | MANAGEMENT |
| DROP blockchain | MANAGEMENT |
| RESTORE | MANAGEMENT |
| BACKUP | MANAGEMENT |
| BUILD STATS | MANAGEMENT |
| DROP STATS | MANAGEMENT |
| AUTO BUILD | MANAGEMENT |
| CREATE KEY | AUTH |
| CREATE ROLE | AUTH |
| DROP ROLE | AUTH |
| ALTER ROLE | AUTH |
| ALTER BLOCKCHAIN | ALTER |
| CREATE INDEX | ALTER |
| DROP INDEX | ALTER |
| INSERT | WRITE or INSERT |
| STORE FILE | WRITE or INSERT |
| AMEND | WRITE or AMEND |
| DISCONTINUE | WRITE or DISCONTINUE |
| SELECT | READ |
| CHECK EXISTS | READ |
| DESCRIBE | READ |
| EXPORT FILE | READ |
| READ DIGEST | READ |
| VALIDATE DIGEST | READ |

NOTE: Transaction-specific commands do not require permissions to run.
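
The command table can drive a least-privilege check when designing a custom role. The following Python is an added example, not part of bSQL or its documentation: it computes the narrowest permissions a role needs for a list of commands and reports anything granted beyond that. The function names, the sample role, and the treatment of "MANAGEMENT on master" as a grant separate from MANAGEMENT are assumptions.

```python
# Permission required per bSQL command, transcribed from the table on this page.
# Where the table offers "WRITE or X", the narrower X is recorded.
# Assumption: "MANAGEMENT on master" is tracked as its own grant; the page does
# not say whether it also confers MANAGEMENT elsewhere.
TABLE = {
    "MANAGEMENT on master": ["CREATE DATABASE", "CREATE LOGIN", "CHECK VALIDITY"],
    "MANAGEMENT": ["CREATE BLOCKCHAIN", "CREATE SHARED", "CONNECT blockchain",
                   "DISCONNECT blockchain", "DROP blockchain", "RESTORE", "BACKUP",
                   "BUILD STATS", "DROP STATS", "AUTO BUILD"],
    "AUTH": ["CREATE KEY", "CREATE ROLE", "DROP ROLE", "ALTER ROLE"],
    "ALTER": ["ALTER BLOCKCHAIN", "CREATE INDEX", "DROP INDEX"],
    "INSERT": ["INSERT", "STORE FILE"],
    "AMEND": ["AMEND"],
    "DISCONTINUE": ["DISCONTINUE"],
    "READ": ["SELECT", "CHECK EXISTS", "DESCRIBE", "EXPORT FILE", "READ DIGEST",
             "VALIDATE DIGEST"],
}
NARROWEST = {cmd: perm for perm, cmds in TABLE.items() for cmd in cmds}
IMPLIES = {"WRITE": {"INSERT", "AMEND", "DISCONTINUE"}}  # WRITE is inclusive


def effective(granted):
    """Expand grants so WRITE also counts as INSERT, AMEND and DISCONTINUE."""
    out = set(granted)
    for perm in granted:
        out |= IMPLIES.get(perm, set())
    return out


def minimal_grants(commands):
    """Narrowest permission set that covers the listed commands."""
    unknown = [c for c in commands if c not in NARROWEST]
    if unknown:  # do not guess: transaction commands need none and are not listed
        raise ValueError(f"not in the permission table: {unknown}")
    return {NARROWEST[c] for c in commands}


def audit(granted, commands):
    """Return (missing, excess) for a role against the commands it must run."""
    needed, have = minimal_grants(commands), effective(granted)
    return needed - have, have - needed


if __name__ == "__main__":
    # Constructed sample: an ingest service that only inserts and queries.
    cmds = ["INSERT", "STORE FILE", "SELECT"]
    missing, excess = audit({"WRITE", "READ"}, cmds)
    print("grant instead:", sorted(minimal_grants(cmds)))
    print("missing:", sorted(missing), "excess:", sorted(excess))
```

A role granted WRITE where only INSERT is needed shows WRITE, AMEND and DISCONTINUE as excess, which is the signal to replace the broad grant with the narrow one.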

Every bSQL database comes with three built-in database roles.

Database Roles

  • admin: The admin role has all permissions on the entire database including the system containers.

  • devoloper: The devoloper role has MANAGEMENT, ALTER, WRITE, and READ permissions on all user-defined blockchain containers.

  • reader: The reader role has READ permissions on all user-defined blockchain containers.

Custom roles can be created and managed using the following commands:

  • CREATE ROLE

  • ALTER ROLE

  • GRANT PERMISSION

  • REVOKE PERMISSION