A client certificate with a
User security clearance cannot perform any admin operations at the cluster level.
Unlike the other clearance levels, a
User client certificate can grant different access levels to different databases.
These access levels are, from highest to lowest:
- Read Only
If no access level is defined for a particular database, the certificate doesn't grant access to that database at all.
The following operations are permitted at the
Admin access level but not for
- Operations on indexes (put, delete, start, stop, enable and disable)
- Solve replication conflicts
- Configure revisions and delete revision documents
- Define expiration
- Create backups and define periodic backups
- Operations on connection strings (put, get, delete)
- Put client configuration for the database (Max number of requests per session, Read balance behavior)
- Get transaction info
- Perform SQL migration
User certificate with a
Read/Write access level can perform all operations except for those listed above in the 'Admin' and 'Operator'sections.
ReadOnly access level allows clients to:
- Read data from a database, but not to write or modify data.
- Be subscription workers to consume data subscriptions.
- Query the databases that are configured in the client certificate.
is built if there is no existing index that satisfies a query.
Unauthorized actions for ReadOnly client certificates
The following operations are forbidden:
- Creating documents or modifying existing documents
- Changing any configurations or settings
- Creating or modifying ongoing tasks
- Defining static indexes (the database will create
auto-indexes if there is no existing index that satisfies a query.)
Learn more about the
Read Only access level here.