Security best practices
This guide covers best practices for authentication and authorization in Fauna.
Follow the principle of least privilege
Users and systems should have the fewest privileges needed to complete their required tasks:
- Only add privileges to roles that need them.
- Only assign roles to users or systems that require them.
- Only allow access to sensitive data through user-defined functions (UDFs). UDFs let you control how data is accessed and customize the format of returned data.
Limit the number of user-defined roles
Only create the roles you need when you need them.
Fauna evaluates roles and privileges at query time. This lets you create or change roles as needed. Changes to roles and privileges take effect immediately and affect existing secrets.
Limit the number of role-related predicates
For the best performance and lower costs, only use role-related predicates when needed.
Role-related predicates are evaluated for every applicable query. Predicate evaluations consume Transactional Read and Transactional Compute Operations.
Use indexes for filtering
Avoid using role-related predicates to filter collections or large sets of documents. Instead, use indexes.
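The following schema is an added example, not taken from this guide, showing the UDF and index practices above together in Fauna Schema Language (FSL). The collection, field, index, function and role names are hypothetical, and it assumes end users authenticate with tokens tied to `Customer` documents.

```fsl
// Constructed example schema; all names below are hypothetical.
collection Customer {}

collection Order {
  // Index on the owning customer, so lookups use the index
  // instead of evaluating a predicate against every document.
  index byCustomer {
    terms [.customer]
  }
}

// UDF that exposes only the fields a client needs.
// @role(server) runs the function with the built-in server role's
// privileges, so callers need no direct privilege on Order.
@role(server)
function ordersForCurrentUser() {
  Order.byCustomer(Query.identity()) {
    id,
    status,
    total
  }
}

// Avoid: direct read access filtered by a role predicate.
// The predicate is evaluated for each applicable read, and the
// caller receives whole Order documents.
role customer_predicate_filtered {
  membership Customer
  privileges Order {
    read {
      predicate (doc => doc.customer == Query.identity())
    }
  }
}

// Prefer: no privileges on Order at all, only `call` on the UDF.
role customer {
  membership Customer
  privileges ordersForCurrentUser {
    call
  }
}
```

Only one of the two roles would exist in a real schema; they are shown side by side for comparison.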