Roles are used for access control, defining who is allowed to execute certain queries.
Roles are a very new feature, and still contain limited functionality. Currently, only default roles can be used in a database. We are actively implementing new ways to provision roles-based access control and receive feedback on how users want to design and assign roles.
The structure of a role is shown below:
"permissions": ["query1", "query2"]
The name of the role is its unique identifier. It must be unique for the database that it exists in.
The default field specifies whether the role should be available to any wallet by default. If a role is default, then any random wallet is able to come and execute the query.
The permissions field specifies which queries the role has access to. In the above example, any wallet would have access to "query1" and "query2".
Currently, the only way to specify access to a query is by having a default role apply to it, or to be the owner of the database. Our team already has a lot of the event infrastructure to implement new ways of role assignment, such as NFT-based roles.