Learn how to configure access control on Tableland.
Access control is a critical component of any database. Tableland provides a flexible access control system that allows you to configure access control on a per-table basis. This means that you can configure access control for each table in your database such that different users have different permissions on different tables, and the rules can be dynamic in nature.
There are two ways to configure access control on Tableland:
- Smart contract rules & controllers.
The first method is more flexible and allows you to configure access control based on onchain definitions. The second method is more limited in scope, but is easier to use and is more familiar to SQL developers. Both methods can be used in conjunction with each other.
A controller contract can make assertions about a user's permissions—such as balances, roles, or ownership—before returning permissions for
DELETE operations along with attached
WITH CHECK clauses.
With pure SQL,
REVOKE statements only allow for simple
DELETE permissions to be granted to a user. These permissions are not dynamic and cannot be based on onchain definitions, so they're more rigid in nature (e.g., granting a specific address with
How it works
Across the various Tableland clients, you can either write
REVOKE statements as a mutating query, or you can deploy a controller contract and set it as the controller for a table. The following sections are where these operations can be performed:
Assuming you have ownership permissions on a table, you can pass
REVOKE statements as mutating queries:
- SQL guide: here
- SDK with executing statements: here
- CLI with
- Smart contracts with
The prerequisites for setting a controller is to deploy a controller smart contract. Then, you can call methods that set the controller for a table: