Skip to main content

defradb_client_acp_relationship_delete

defradb client acp relationship delete​

Delete relationship

Synopsis​

Delete relationship

To revoke access to a document for an actor, we must delete the relationship between the actor and the document. In order to delete the relationship we require all of the following:

1) Target DocID: The docID of the document we want to delete a relationship for. 2) Collection Name: The name of the collection that has the Target DocID. 3) Relation Name: The type of relation (name must be defined within the linked policy on collection). 4) Target Identity: The identity of the actor the relationship is being deleted for. 5) Requesting Identity: The identity of the actor that is making the request.

Notes:

  • ACP must be available (i.e. ACP can not be disabled).
  • The target document must be registered with ACP already (policy & resource specified).
  • The requesting identity MUST either be the owner OR the manager (manages the relation) of the resource.
  • If the relationship record was not found, then it will be a no-op.
  • Learn more about ACP & DPI Rules

Example: Let another actor (4d092126012ebaf56161716018a71630d99443d9d5217e9d8502bb5c5456f2c5) read a private document: defradb client acp relationship delete \ --collection Users \ --docID bae-ff3ceb1c-b5c0-5e86-a024-dd1b16a4261c \ --relation reader \ --actor did🔑z7r8os2G88XXBNBTLj3kFR5rzUJ4VAesbX7PgsA68ak9B5RYcXF5EZEmjRzzinZndPSSwujXb4XKHG6vmKEFG6ZfsfcQn \ --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac

defradb client acp relationship delete [--docID] [-c --collection] [-r --relation] [-a --actor] [-i --identity] [flags]

Options​

  -a, --actor string        Actor to delete relationship for
-c, --collection string Collection that has the resource and policy for object
--docID string Document Identifier (ObjectID) to delete relationship for
-h, --help help for delete
-r, --relation string Relation that needs to be deleted within the relationship

Options inherited from parent commands​

  -i, --identity string             Hex formatted private key used to authenticate with ACP
--keyring-backend string Keyring backend to use. Options are file or system (default "file")
--keyring-namespace string Service name to use when using the system backend (default "defradb")
--keyring-path string Path to store encrypted keys when using the file backend (default "keys")
--log-format string Log format to use. Options are text or json (default "text")
--log-level string Log level to use. Options are debug, info, error, fatal (default "info")
--log-output string Log output path. Options are stderr or stdout. (default "stderr")
--log-overrides string Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
--log-source Include source location in logs
--log-stacktrace Include stacktrace in error and fatal logs
--no-keyring Disable the keyring and generate ephemeral keys
--no-log-color Disable colored log output
--rootdir string Directory for persistent data (default: $HOME/.defradb)
--secret-file string Path to the file containing secrets (default ".env")
--source-hub-address string The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
--tx uint Transaction ID
--url string URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")

SEE ALSO​