Skip to main content

Restrict Who Can Edit What

Now, we have a schema and sample data. All of the people who can propose changes in our ledger have the [_role/id, voter] role, but we haven't added rules to that role.

In this section, we won't actually add those rules to the relevant role, but we will create four rules.

Who Can Edit What?#

First, we'll add four simple rules:

  1. One rule that will allow users to transact and view votes.
  2. Another rule that will allow user to transact and view changes.
  3. The third rule will allow users to view all users.
  4. The fourth rule will allow users to view all auth records.

To create these two rules, we'll need to specify the following predicates:

  • id: "editVotes", "editChanges", "viewUsers", and "viewAuth"
  • collection: "vote"
  • collectionDefault: true
  • ops: An array with "transact" or "query" or both, depending on what we want to allow.
  • fns: We'll be using a built-in ledger function to allow users free access to transact and query these two collections. For a refresher on how to reference the relevant built-in function, see the Function Predicates section.

Create the Four Relevant Rules

Using the above instructions, create the four relevant rules.