Scripting

RavenDB's implementation of distributed transactions contains a bug that could cause an endpoint, in certain (rare) conditions, to lose data. If RavenDB is configured to enlist in distributed transactions, read the article "DTC not supported for RavenDB Persistence".

Example code and scripts to facilitate deployment and operational actions against RavenDB.

These examples use the RavenDB.Client NuGet package.

Grant a user access to a database

The user access helper method

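The following code shows an example of how to grant a user access to a RavenDB database. As written, the helper enables the user entry and gives it read/write administrator access (`Admin = true`, `ReadOnly = false`) on the system database (`<system>`). Pass a different tenant id or change the flags in `AddOrUpdateDataAccess` when a narrower grant is enough.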

This helps ensure that the user account an endpoint runs under has appropriate access to RavenDB.

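/// <summary>
/// Adds (or updates) a Windows user entry in the RavenDB Windows authorization
/// settings document and writes the document back to the system database.
/// The entry is created through <c>AddOrUpdateAuthUser</c> with the tenant id
/// <c>"&lt;system&gt;"</c>, which on this page results in an enabled user with
/// read/write administrator access to the system database.
/// </summary>
/// <param name="documentStore">An initialized document store pointing at the RavenDB server.</param>
/// <param name="username">The Windows account name to grant access to.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="documentStore"/> is null.</exception>
/// <exception cref="System.ArgumentException"><paramref name="username"/> is null, empty or whitespace.</exception>
public static void AddUserToDatabase(IDocumentStore documentStore, string username)
{
    if (documentStore == null)
    {
        throw new System.ArgumentNullException("documentStore");
    }

    // Without this check a null or blank name would be persisted as an enabled
    // administrator entry that names no account.
    if (string.IsNullOrWhiteSpace(username))
    {
        throw new System.ArgumentException("A Windows user name is required.", "username");
    }

    var systemCommands = documentStore
        .DatabaseCommands
        .ForSystemDatabase();
    var windowsAuthDocument = GetWindowsAuthDocument(systemCommands);
    AddOrUpdateAuthUser(windowsAuthDocument, username, "<system>");

    var ravenJObject = RavenJObject.FromObject(windowsAuthDocument);

    // NOTE(review): the null etag means this Put carries no optimistic-concurrency
    // check, so an edit made to the settings document between the Get above and
    // this Put would be overwritten. Confirm that is acceptable for the deployment.
    systemCommands.Put("Raven/Authorization/WindowsSettings", null, ravenJObject, new RavenJObject());
}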

/// <summary>
/// Loads the Windows authorization settings document from the system database.
/// </summary>
/// <param name="systemCommands">Database commands bound to the system database.</param>
/// <returns>
/// The stored document deserialized into <see cref="WindowsAuthDocument"/>, or a new
/// empty instance when no document exists under the settings key.
/// </returns>
static WindowsAuthDocument GetWindowsAuthDocument(IDatabaseCommands systemCommands)
{
    var stored = systemCommands.Get("Raven/Authorization/WindowsSettings");

    // No settings document yet: start from an empty one so the caller can add to it.
    return stored != null
        ? stored.DataAsJson.JsonDeserialization<WindowsAuthDocument>()
        : new WindowsAuthDocument();
}

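/// <summary>
/// Ensures the authorization document holds an enabled entry for
/// <paramref name="identity"/> and then grants that entry access to
/// <paramref name="tenantId"/> through <c>AddOrUpdateDataAccess</c>.
/// </summary>
/// <param name="windowsAuthDocument">The settings document to modify in place.</param>
/// <param name="identity">The Windows account name of the user.</param>
/// <param name="tenantId">The database (tenant) the user should be able to access.</param>
static void AddOrUpdateAuthUser(WindowsAuthDocument windowsAuthDocument, string identity, string tenantId)
{
    // Windows account names are case-insensitive. A case-sensitive match would
    // append a second entry for the same account when only the casing differs,
    // and disabling one entry later would leave the other in force.
    var windowsAuthForUser = windowsAuthDocument
        .RequiredUsers
        .FirstOrDefault(x => string.Equals(x.Name, identity, System.StringComparison.OrdinalIgnoreCase));
    if (windowsAuthForUser == null)
    {
        windowsAuthForUser = new WindowsAuthData
        {
            Name = identity
        };
        windowsAuthDocument.RequiredUsers.Add(windowsAuthForUser);
    }

    // This also re-enables an existing entry that had been switched off.
    windowsAuthForUser.Enabled = true;

    AddOrUpdateDataAccess(windowsAuthForUser, tenantId);
}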

/// <summary>
/// Ensures the user entry has a grant for <paramref name="tenantId"/> and sets that
/// grant to read/write administrator access.
/// </summary>
/// <param name="windowsAuthForUser">The user entry whose database grants are updated in place.</param>
/// <param name="tenantId">The database (tenant) the grant applies to.</param>
static void AddOrUpdateDataAccess(WindowsAuthData windowsAuthForUser, string tenantId)
{
    var grants = windowsAuthForUser.Databases;
    var grant = grants.FirstOrDefault(candidate => candidate.TenantId == tenantId);
    if (grant == null)
    {
        grant = new ResourceAccess { TenantId = tenantId };
        grants.Add(grant);
    }

    // Any existing grant for this tenant is raised to the same level:
    // writable and administrator, regardless of what was stored before.
    grant.ReadOnly = false;
    grant.Admin = true;
}

// Shape of the document stored under "Raven/Authorization/WindowsSettings" as the
// helpers on this page read it (GetWindowsAuthDocument) and write it back
// (AddUserToDatabase, via RavenJObject.FromObject).
class WindowsAuthDocument
{
    // Group entries. The helpers on this page never modify this list; it is only
    // carried through the read/modify/write cycle.
    public List<WindowsAuthData> RequiredGroups = new List<WindowsAuthData>();
    // User entries. AddOrUpdateAuthUser looks accounts up here and appends new ones.
    public List<WindowsAuthData> RequiredUsers = new List<WindowsAuthData>();
}

// One entry in WindowsAuthDocument.RequiredUsers or RequiredGroups.
class WindowsAuthData
{
    // Account name the entry applies to; AddOrUpdateAuthUser matches on this value.
    public string Name;
    // Set to true by AddOrUpdateAuthUser. Presumably an entry with Enabled == false
    // grants nothing - confirm against the RavenDB documentation.
    public bool Enabled;
    // Per-database grants for this account, one ResourceAccess per TenantId.
    public List<ResourceAccess> Databases = new List<ResourceAccess>();
}

Using the user access helper method

// Placeholder address: replace it with the URL of the RavenDB server.
// NOTE(review): the sample uses plain HTTP, so the settings document travels
// unencrypted; use the server's HTTPS endpoint where one is configured.
var ravenDbUrl = "http://locationOfRavenDbInstance:8083/";

using (var documentStore = new DocumentStore { Url = ravenDbUrl })
{
    documentStore.Initialize();

    // "UserNameToAdd" is a placeholder for the Windows account the endpoint runs under.
    // The account running this code presumably needs rights to write to the
    // system database already - confirm for the deployment.
    AddUserToDatabase(documentStore, "UserNameToAdd");
}
