Access Roles

CeresDB supports three main access roles:

READ allows the user to read data
WRITE allows the user to read, write, overwrite, and delete data
ADMIN allows the user to manage users or permits

The required access mapping for each action is shown below

Collection

Action	Allowed roles	Action Level
DELETE	`ADMIN`	database
GET	`READ`, `WRITE`, or `ADMIN`	database
POST	`ADMIN`	database
PUT	`ADMIN`	database

Database

Action	Allowed roles	Action Level
DELETE	`WRITE` or `ADMIN`	instance
GET	`READ`, `WRITE`, or `ADMIN`	instance
POST	`WRITE` or `ADMIN`	instance

Permit

Action	Allowed roles	Action Level
DELETE	`ADMIN`	database
GET	`READ`, `WRITE`, or `ADMIN`	database
POST	`ADMIN`	database
PUT	`ADMIN`	database

Record

Action	Allowed roles	Action Level
DELETE	`WRITE` or `ADMIN`	database
GET	`READ`, `WRITE`, or `ADMIN`	database
PATCH	`WRITE` or `ADMIN`	database
POST	`WRITE` or `ADMIN`	database
PUT	`WRITE` or `ADMIN`	database

User

Action	Allowed roles	Action Level
DELETE	`ADMIN`	instance
GET	`READ`, `WRITE`, or `ADMIN`	instance
POST	`ADMIN`	instance
PUT	`ADMIN`	instance