Example code and scripts to facilitate deployment and operational actions against RavenDB.
These examples use the RavenDB.Client NuGet.
Grant a user access to a database
The user access helper method
The following code shows an example of how to grant a user access to a RavenDB database.
This is helpful to ensure the user account that an endpoint is running under has appropriate access to RavenDB.
public static void AddUserToDatabase(IDocumentStore documentStore, string username)
{
var systemCommands = documentStore
.DatabaseCommands
.ForSystemDatabase();
var windowsAuthDocument = GetWindowsAuthDocument(systemCommands);
AddOrUpdateAuthUser(windowsAuthDocument, username, "<system>");
var ravenJObject = RavenJObject.FromObject(windowsAuthDocument);
systemCommands.Put("Raven/Authorization/WindowsSettings", null, ravenJObject, new RavenJObject());
}
static WindowsAuthDocument GetWindowsAuthDocument(IDatabaseCommands systemCommands)
{
var existing = systemCommands.Get("Raven/Authorization/WindowsSettings");
if (existing == null)
{
return new WindowsAuthDocument();
}
return existing
.DataAsJson
.JsonDeserialization<WindowsAuthDocument>();
}
static void AddOrUpdateAuthUser(WindowsAuthDocument windowsAuthDocument, string identity, string tenantId)
{
var windowsAuthForUser = windowsAuthDocument
.RequiredUsers
.FirstOrDefault(x => x.Name == identity);
if (windowsAuthForUser == null)
{
windowsAuthForUser = new WindowsAuthData
{
Name = identity
};
windowsAuthDocument.RequiredUsers.Add(windowsAuthForUser);
}
windowsAuthForUser.Enabled = true;
AddOrUpdateDataAccess(windowsAuthForUser, tenantId);
}
static void AddOrUpdateDataAccess(WindowsAuthData windowsAuthForUser, string tenantId)
{
var dataAccess = windowsAuthForUser
.Databases
.FirstOrDefault(x => x.TenantId == tenantId);
if (dataAccess == null)
{
dataAccess = new ResourceAccess
{
TenantId = tenantId
};
windowsAuthForUser.Databases.Add(dataAccess);
}
dataAccess.ReadOnly = false;
dataAccess.Admin = true;
}
class WindowsAuthDocument
{
public List<WindowsAuthData> RequiredGroups = new List<WindowsAuthData>();
public List<WindowsAuthData> RequiredUsers = new List<WindowsAuthData>();
}
class WindowsAuthData
{
public string Name;
public bool Enabled;
public List<ResourceAccess> Databases = new List<ResourceAccess>();
}
Using the user access helper method
using (var documentStore = new DocumentStore
{
Url = "http://locationOfRavenDbInstance:8083/"
})
{
documentStore.Initialize();
AddUserToDatabase(documentStore, "UserNameToAdd");
}