A brief guide on Public roles in Fauna
Sometimes the data in your Fauna API doesn't require authentication to access it. In these cases a Public role can help you keep your database and your data safe.
Fauna's default roles
Fauna provides 2 default roles for every database you create.
Admin can create, destroy, or manage any database or key.
Server can create, destroy, or manage the database to which it is assigned.
If you build a web or mobile app where a malicious user can view a token generated for one of these roles, that user will be able to create, destroy, or access just about anything.
The Public role
Fauna does not provide a Public role. The concept behind the Public role is that it can access unprivileged data, meaning data that is available for any user to read, create, or modify depending on your use case.
To define a Public role, you first need to access the New Custom Role screen in Fauna's dashboard.
From there, you can configure the privileges for the Public role. In this example, I am providing read access to the Spaceship collection and also a supporting index called spaceships.
Creating a Public key
Now that you have a Public role created, you can create a Public key.
This key is safer to expose to web and mobile clients because it only has the privileges you assigned to the Public role.
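One way to check that claim before a key ships in client code, as an added example that is not from the original post: the function below audits a role definition against the privileges the Public role is meant to have. The role objects are constructed samples that mirror a role's list of privileges with resources written as plain strings, and auditClientRole and PUBLIC_ALLOWED are hypothetical names.

```javascript
// Added example, not from the original post. Role objects are constructed
// samples; resources are plain strings rather than real Fauna refs.
const BUILT_IN_ROLES = new Set(["admin", "server"]);
// What the post's Public role should grant: read only, on two resources.
const PUBLIC_ALLOWED = {
  "Collection(Spaceship)": ["read"],
  "Index(spaceships)": ["read"],
};

// Returns a list of findings; an empty list means the role is as narrow as expected.
function auditClientRole(role, allowed = PUBLIC_ALLOWED) {
  if (typeof role === "string") {
    // A key bound to a built-in role has no privilege list to narrow.
    return BUILT_IN_ROLES.has(role)
      ? [`built-in role "${role}" must not back a client key`]
      : [`unknown role reference "${role}"`];
  }
  const findings = [];
  for (const { resource, actions = {} } of role.privileges || []) {
    const permitted = allowed[resource];
    if (!permitted) {
      findings.push(`unexpected resource ${resource}`);
      continue;
    }
    for (const [action, value] of Object.entries(actions)) {
      // Anything other than false (true or a predicate) grants the action.
      if (value !== false && !permitted.includes(action)) {
        findings.push(`${resource} grants "${action}"`);
      }
    }
  }
  return findings;
}

// Constructed samples: the role as configured in the post, and a drifted copy.
const publicRole = {
  name: "Public",
  privileges: [
    { resource: "Collection(Spaceship)", actions: { read: true } },
    { resource: "Index(spaceships)", actions: { read: true } },
  ],
};
const driftedRole = {
  name: "Public",
  privileges: [
    { resource: "Collection(Spaceship)", actions: { read: true, write: true } },
    { resource: "Collection(User)", actions: { read: true } },
  ],
};
```

Running a check like this in CI against an exported role definition catches a Public role that has quietly gained write access or extra collections since the key was published.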
Further questions about Fauna? Find me on Twitter @seanconnollydev and let me know how I can help!