A client certificate with a User security clearance
can grant different levels of access for different databases. These access levels are Admin,
Read/Write, and Read Only.
The Read Only access level only allows you to read data from a database, but not to write data.
You cannot update existing documents, change any configurations, define ongoing tasks
or static indexes. However, the database
will still create auto-indexes in response
to the clients' queries.
This view is found in Manage Server > Certificates
This area lists the databases' names, and the access level for each one:
A - Admin
R/W - Read/Write
R - Read Only
This drop-down menu allows you to either generate a new client certificate, or upload
your own. This will open the Generate/Upload Client Certificate dialog you see on the
Enter the certificate's name.
Select the security clearance. Only the User clearance can have a Read Only access level
for a given database. The options are:
Certificate passphrase - a password that needs to be entered each time someone installs
You can set a custom expiration date for this certificate. This is defined in terms of
months from the current date. Default: 60 months, or 5 years.
Choose the database permissions (the access level) for each database. If a given
database is not added to this list, the certificate will grant no access to that database
Click this to edit a certificate. The name, security clearance level, expiration date,
and database permissions can all be modified.
The Studio in "Read Only" Mode
This section shows the slight variations in the studio that tell you which security
clearance and which access level you currently have, and what you can or can't do.
This dropdown menu allows you to choose a database to view. Access levels are indicated
on the right.
Hover on the green padlock icon at the bottom of the screen to view information about
the certificate your browser is using to access the server.
When using a certificate with Security Clearance "User", most of the views that pertain
to the server (in the "Manage Server" menu), are inaccessible.
Note: this is always true for any certificate with security clearance User - even with
the Admin and Read/Write access levels.
The Manage Server views that can be accessed with a User security clearance are:
The Cluster View, where info about the
cluster topology can be viewed.
The Running Queries view, a live display of queries the server is currently processing.
This split image shows which views that pertain to a specific database are restricted in Read
On the left we see the database "Tasks" menu. "Import Data" and "Create Sample Data" are
On the right we see the database "Settings" menu. Only one view - "Connection Strings" - is
This split image compares the same index in the "Indexes" view in Read Only mode versus other
At the top we see the index in the normal viewing mode ( not Read Only). There are three
buttons at the top right:
1) Edit - view & edit the index definition.
2) Reset index - force the index to start re-indexing all of its data.
3) Remove - delete the index.
At the bottom we see the same index in Read Only mode. In the same spot we now see only one
4) This is the "viewing" button. It opens the exact same view as the above "editing"
button, except you cannot modify the index. Reseting or deleting the index are not possible
in Read Only mode.
This "viewing" button replaces the "editing" button in other parts of the Studio as well.