Scripting

Example code and scripts to facilitate deployment and operational actions against RavenDB.

These examples use the RavenDB.Client NuGet.

Grant a user access to a database

The user access helper method

The following code shows an example of how to grant a user access to a RavenDB database.

This is helpful to ensure the user account, an endpoint is running under, has appropriate access to RavenDB.

public static void AddUserToDatabase(IDocumentStore documentStore, string username)
{
    var systemCommands = documentStore
        .DatabaseCommands
        .ForSystemDatabase();
    var windowsAuthDocument = GetWindowsAuthDocument(systemCommands);
    AddOrUpdateAuthUser(windowsAuthDocument, username, "<system>");

    var ravenJObject = RavenJObject.FromObject(windowsAuthDocument);
    systemCommands.Put("Raven/Authorization/WindowsSettings", null, ravenJObject, new RavenJObject());
}

static WindowsAuthDocument GetWindowsAuthDocument(IDatabaseCommands systemCommands)
{
    var existing = systemCommands.Get("Raven/Authorization/WindowsSettings");
    if (existing == null)
    {
        return new WindowsAuthDocument();
    }
    return existing
        .DataAsJson
        .JsonDeserialization<WindowsAuthDocument>();
}

static void AddOrUpdateAuthUser(WindowsAuthDocument windowsAuthDocument, string identity, string tenantId)
{
    var windowsAuthForUser = windowsAuthDocument
        .RequiredUsers
        .FirstOrDefault(x => x.Name == identity);
    if (windowsAuthForUser == null)
    {
        windowsAuthForUser = new WindowsAuthData
        {
            Name = identity
        };
        windowsAuthDocument.RequiredUsers.Add(windowsAuthForUser);
    }
    windowsAuthForUser.Enabled = true;

    AddOrUpdateDataAccess(windowsAuthForUser, tenantId);
}

static void AddOrUpdateDataAccess(WindowsAuthData windowsAuthForUser, string tenantId)
{
    var dataAccess = windowsAuthForUser
        .Databases
        .FirstOrDefault(x => x.TenantId == tenantId);
    if (dataAccess == null)
    {
        dataAccess = new ResourceAccess
        {
            TenantId = tenantId
        };
        windowsAuthForUser.Databases.Add(dataAccess);
    }
    dataAccess.ReadOnly = false;
    dataAccess.Admin = true;
}

class WindowsAuthDocument
{
    public List<WindowsAuthData> RequiredGroups = new List<WindowsAuthData>();
    public List<WindowsAuthData> RequiredUsers = new List<WindowsAuthData>();
}

class WindowsAuthData
{
    public string Name;
    public bool Enabled;
    public List<ResourceAccess> Databases = new List<ResourceAccess>();
}

Using the user access helper method

using (var documentStore = new DocumentStore
{
    Url = "http://locationOfRavenDbInstance:8083/"
})
{
    documentStore.Initialize();
    AddUserToDatabase(documentStore, "UserNameToAdd");
}

Last modified