import Since from '@components/shared/Since.astro' import RailroadDiagram from '@components/RailroadDiagram.astro' import Tabs from '@components/Tabs/Tabs.astro' import TabItem from '@components/Tabs/TabItem.astro'
ALTER ACCESS statement
The ALTER ACCESS statement can be used to modify an existing defined access.
Statement syntax
SurrealQL Syntax
ALTER ACCESS [ IF EXISTS ] @name
ON [ ROOT | NAMESPACE | DATABASE ]
[ AUTHENTICATE @expression | DROP AUTHENTICATE ]
[ DURATION
[ FOR GRANT [ @duration | NONE ] ]
[ FOR TOKEN [ @duration | NONE ] ]
[ FOR SESSION [ @duration | NONE ] ]
]
[ COMMENT @string | DROP COMMENT ]
export const alterAst = { type: "Diagram", padding: [10, 20, 10, 20], children: [ { type: "Sequence", children: [ { type: "Terminal", text: "ALTER ACCESS" }, { type: "Optional", child: { type: "Sequence", children: [ { type: "Terminal", text: "IF" }, { type: "Terminal", text: "EXISTS" }, ], }, }, { type: "Terminal", text: "@name" }, { type: "Terminal", text: "ON" }, { type: "Choice", index: 0, children: [ { type: "Terminal", text: "ROOT" }, { type: "Terminal", text: "NAMESPACE" }, { type: "Terminal", text: "DATABASE" }, ], }, { type: "Optional", child: { type: "Choice", index: 0, children: [ { type: "Sequence", children: [ { type: "Terminal", text: "AUTHENTICATE" }, { type: "NonTerminal", text: "@expression" }, ], }, { type: "Sequence", children: [ { type: "Terminal", text: "DROP" }, { type: "Terminal", text: "AUTHENTICATE" }, ], }, ], }, }, { type: "Optional", child: { type: "Sequence", children: [ { type: "Terminal", text: "DURATION" }, { type: "Optional", child: { type: "Sequence", children: [ { type: "Terminal", text: "FOR" }, { type: "Terminal", text: "GRANT" }, { type: "Choice", index: 0, children: [ { type: "Terminal", text: "@duration" }, { type: "Terminal", text: "NONE" }, ], }, ], }, }, { type: "Optional", child: { type: "Sequence", children: [ { type: "Terminal", text: "FOR" }, { type: "Terminal", text: "TOKEN" }, { type: "Choice", index: 0, children: [ { type: "Terminal", text: "@duration" }, { type: "Terminal", text: "NONE" }, ], }, ], }, }, { type: "Optional", child: { type: "Sequence", children: [ { type: "Terminal", text: "FOR" }, { type: "Terminal", text: "SESSION" }, { type: "Choice", index: 0, children: [ { type: "Terminal", text: "@duration" }, { type: "Terminal", text: "NONE" }, ], }, ], }, }, ], }, }, { type: "Optional", child: { type: "Choice", index: 0, children: [ { type: "Sequence", children: [ { type: "Terminal", text: "COMMENT" }, { type: "Terminal", text: "@string" }, ], }, { type: "Sequence", children: [ { type: "Terminal", text: "DROP" }, { type: "Terminal", text: "COMMENT" }, ], }, ], }, }, ], }, ], };
Note that this statement does not allow modification of the access type itself (RECORD / JWT / BEARER), only its duration, the AUTHENTICATE clause, and a COMMENT.
Example usage
-- Define an access
DEFINE ACCESS account ON DATABASE TYPE RECORD
SIGNUP ( CREATE user SET email = $email, pass = crypto::argon2::generate($pass) )
SIGNIN ( SELECT * FROM user WHERE email = $email AND crypto::argon2::compare(pass, $pass) )
DURATION FOR TOKEN 15m, FOR SESSION 12h;
-- Shorten the token duration
ALTER ACCESS account ON DATABASE DURATION FOR TOKEN 1m;