A brief guide on Public roles in Fauna
Sometimes the data in your Fauna API doesn't require authentication to access it. In these cases a
Public role can help you keep your database and your data safe.
Fauna's default roles#
Fauna provides 2 default roles for every database you create.
Admin can create, destroy, or manage any database or key.
Server can create, destroy, or manage the database to which it is assigned.
If you were to build a web or mobile app where a malicious user can view a token generated for one of these roles, they will be able to create, destroy, or access just about anything.
The Public role#
Fauna does not provide a
Public role. The concept behind the
Public role is that can access unprivileged data, meaning data that is available for any user to read, create, or modify depending on your use case.
To define a
Public role, you first need to access the
New Custom Role screen in Fauna's dashboard.
From there, you can configure the privileges for the
Public role. In this example, I am providing
read access to the
Spaceship collection and also a supporting index called
Creating a Public key#
Now that you have a
Public role created, you can create a
This key is safer to expose to web and mobile clients because it only has the privileges you assigned to the
Further questions about Fauna? Find me on Twitter @seanconnollydev and let me know how I can help!