How can I restrict the API access to a specific branch?
Is this even possible? I can't find anything in the docs.
6 Replies
At the moment Xata provides Personal API keys that grant full read/write permissions to all workspaces, databases, branches within the user account. Access can be separated by placing databases under different workspaces. Granularity at the branch level of the same db isn't possible with the current permission scheme.
We're planning to extend the API key and user permission scheme in a future iteration; I anticipate some progress by the end of this year. We have logged an enhancement request on our public board for it (https://feedback.xata.io/feature-requests/p/scoped-and-read-only-api-keys - feel free to upvote, it helps us gauge demand) and it is part of our roadmap.
Thank you for the fast response - the upvote is in. I guess, in this case, we will at least go with the multiple-workspace approach. The workspace limit of 40 sounds more than enough for now 🙂
Will it be possible to later transfer the database to a different workspace?
BTW, is this related or something different?
https://feedback.xata.io/feature-requests/p/row-level-security
Transferring databases will eventually be possible, but it is not part of an imminent release cycle yet. For postgres-enabled dbs it is relatively easy to move them around workspaces/regions as you can export them with pg_dump and import them with pg_restore/psql.
For non-postgres databases this tool can copy them around over the REST API: https://github.com/xataio/xtools/tree/main/xreplay
Both methods, however, pg_dump and xreplay, do not support file attachments. Files will not be exported / copied.
As for Row level security, that's a related enhancement request but slightly different: it refers to a permission scheme within the table, with granularity at the record and column level. This will take a while.