Alex Klaus Alex Klaus - 3 years ago 60
C# Question

RavenDb Auth Bundle. Why Roles & Users a stored in System Documents?

The official RavenDb documentation is inconsistent on whether to store Users and Roles in the System Documents or General Documents.

Though it doesn't recommend to use a certain way, one article (see KB : Bundles : Authorization Bundle Design) implicitly stores users in the System Documents by starting the document ids with

raven/
, when another (see Bundle: Authorization) uses General Documents (as no
raven/
prefix in document ids).

Question: What are the merits for storing Users and Roles in the System Documents?

Seems that permission checks (
IsAllowed()
method) work regardless of the storage. However, inability to query documents stored in the System Documents (can load by ID only) is a serious drawback.

Answer Source

Alex, Documents starting with Raven/ are called system documents, and are typically used by RavenDB itself. In other words, they typically have meaningful document ids.

Raven/ApiKeys/Foo for example is the document that will be searched to authenticate the foo Api Key.

On the other hand, the IsAllowed method and friends can accept any document id, so that doesn't have to be known ahead of time.

This is the primary reason for the different. Note that system documents are not going to be replicated, while other documents would be replicated. By making your authorization rules docs system documents, you prevent them from being replicated.

That might be something you want to do or not, depending on your needs.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download