Weaviate · Schema
Permission
Permissions attached to a role.
Vector DatabaseAIMachine LearningSemantic SearchOpen SourceGraphQLKubernetes
Properties
| Name | Type | Description |
|---|---|---|
| backups | object | Resources applicable for backup actions. |
| data | object | Resources applicable for data actions. |
| nodes | object | Resources applicable for cluster actions. |
| users | object | Resources applicable for user actions. |
| groups | object | Resources applicable for group actions. |
| tenants | object | Resources applicable for tenant actions. |
| roles | object | Resources applicable for role actions. |
| collections | object | Resources applicable for collection and/or tenant actions. |
| replicate | object | resources applicable for replicate actions |
| aliases | object | Resource definition for alias-related actions and permissions. Used to specify which aliases and collections can be accessed or modified. |
| namespaces | object | Resources applicable for namespace actions. |
| action | string | Allowed actions in weaviate. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://api-evangelist.github.io/weaviate/json-schema/weaviate-permission-schema.json",
"title": "Permission",
"description": "Permissions attached to a role.",
"type": "object",
"properties": {
"backups": {
"type": "object",
"description": "Resources applicable for backup actions.",
"properties": {
"collection": {
"type": "string",
"description": "A string that specifies which collections this permission applies to. Can be an exact collection name or a regex pattern. The default value `*` applies the permission to all collections.",
"default": "*"
}
}
},
"data": {
"type": "object",
"description": "Resources applicable for data actions.",
"properties": {
"collection": {
"type": "string",
"description": "A string that specifies which collections this permission applies to. Can be an exact collection name or a regex pattern. The default value `*` applies the permission to all collections.",
"default": "*"
},
"tenant": {
"type": "string",
"description": "A string that specifies which tenants this permission applies to. Can be an exact tenant name or a regex pattern. The default value `*` applies the permission to all tenants.",
"default": "*"
},
"object": {
"type": "string",
"description": "A string that specifies which objects this permission applies to. Can be an exact object ID or a regex pattern. The default value `*` applies the permission to all objects.",
"default": "*"
}
}
},
"nodes": {
"type": "object",
"description": "Resources applicable for cluster actions.",
"properties": {
"verbosity": {
"type": "string",
"description": "Whether to allow (verbose) returning shards and stats data in the response.",
"enum": [
"verbose",
"minimal"
],
"default": "minimal"
},
"collection": {
"type": "string",
"description": "A string that specifies which collections this permission applies to. Can be an exact collection name or a regex pattern. The default value `*` applies the permission to all collections.",
"default": "*"
}
}
},
"users": {
"type": "object",
"description": "Resources applicable for user actions.",
"properties": {
"users": {
"type": "string",
"description": "A string that specifies which users this permission applies to. Can be an exact user name or a regex pattern. The default value `*` applies the permission to all users.",
"default": "*"
}
}
},
"groups": {
"type": "object",
"description": "Resources applicable for group actions.",
"properties": {
"group": {
"type": "string",
"description": "A string that specifies which groups this permission applies to. Can be an exact group name or a regex pattern. The default value `*` applies the permission to all groups.",
"default": "*"
},
"groupType": {
"$ref": "#/components/schemas/GroupType"
}
}
},
"tenants": {
"type": "object",
"description": "Resources applicable for tenant actions.",
"properties": {
"collection": {
"type": "string",
"description": "A string that specifies which collections this permission applies to. Can be an exact collection name or a regex pattern. The default value `*` applies the permission to all collections.",
"default": "*"
},
"tenant": {
"type": "string",
"description": "A string that specifies which tenants this permission applies to. Can be an exact tenant name or a regex pattern. The default value `*` applies the permission to all tenants.",
"default": "*"
}
}
},
"roles": {
"type": "object",
"description": "Resources applicable for role actions.",
"properties": {
"role": {
"type": "string",
"description": "A string that specifies which roles this permission applies to. Can be an exact role name or a regex pattern. The default value `*` applies the permission to all roles.",
"default": "*"
},
"scope": {
"type": "string",
"description": "Set the scope for the manage role permission.",
"enum": [
"all",
"match"
],
"default": "match"
}
}
},
"collections": {
"type": "object",
"description": "Resources applicable for collection and/or tenant actions.",
"properties": {
"collection": {
"type": "string",
"description": "A string that specifies which collections this permission applies to. Can be an exact collection name or a regex pattern. The default value `*` applies the permission to all collections.",
"default": "*"
}
}
},
"replicate": {
"type": "object",
"description": "resources applicable for replicate actions",
"properties": {
"collection": {
"type": "string",
"description": "string or regex. if a specific collection name, if left empty it will be ALL or *",
"default": "*"
},
"shard": {
"type": "string",
"description": "string or regex. if a specific shard name, if left empty it will be ALL or *",
"default": "*"
}
}
},
"aliases": {
"type": "object",
"description": "Resource definition for alias-related actions and permissions. Used to specify which aliases and collections can be accessed or modified.",
"properties": {
"collection": {
"type": "string",
"description": "A string that specifies which collections this permission applies to. Can be an exact collection name or a regex pattern. The default value `*` applies the permission to all collections.",
"default": "*"
},
"alias": {
"type": "string",
"description": "A string that specifies which aliases this permission applies to. Can be an exact alias name or a regex pattern. The default value `*` applies the permission to all aliases.",
"default": "*"
}
}
},
"namespaces": {
"type": "object",
"description": "Resources applicable for namespace actions.",
"properties": {
"namespace": {
"type": "string",
"description": "A string that specifies which namespaces this permission applies to. Can be an exact namespace name or a regex pattern. The default value `*` applies the permission to all namespaces.",
"default": "*"
}
}
},
"action": {
"type": "string",
"description": "Allowed actions in weaviate.",
"enum": [
"manage_backups",
"read_cluster",
"create_data",
"read_data",
"update_data",
"delete_data",
"read_nodes",
"create_roles",
"read_roles",
"update_roles",
"delete_roles",
"create_collections",
"read_collections",
"update_collections",
"delete_collections",
"assign_and_revoke_users",
"create_users",
"read_users",
"update_users",
"delete_users",
"create_tenants",
"read_tenants",
"update_tenants",
"delete_tenants",
"create_replicate",
"read_replicate",
"update_replicate",
"delete_replicate",
"create_aliases",
"read_aliases",
"update_aliases",
"delete_aliases",
"assign_and_revoke_groups",
"read_groups",
"create_mcp",
"read_mcp",
"update_mcp",
"manage_namespaces"
]
}
},
"required": [
"action"
]
}