datomic

Ask questions on the official Q&A site at https://ask.datomic.com!
onetom 2020-11-17T03:21:08.433100Z

How can we restrict client apps / IAM users to only have access to certain databases? The https://docs.datomic.com/cloud/operation/access-control.html article defines the DbName metavariable at the beginning, but then it's not mentioned afterwards. It does have a section called Authorize Client Applications, linking to https://docs.datomic.com/cloud/operation/client-applications.html , but that page doesn't mention DbName either. Is it not possible to restrict access to certain dbs or it's just not documented?

joshkh 2020-11-17T16:23:10.436500Z

i'd like to know this as well. i had started defining a policy to grant access to just certain access keys in the datomic s3 bucket, but in the end gave up (admittedly after not much trial and error)

mruzekw 2020-11-17T04:17:58.433800Z

Has anyone been able to install dev-local on a Windows machine (not WSL or VM)?

mruzekw 2020-11-17T04:30:42.434900Z

Looks like Powershell is particular about . in args. When you run the mvn commands from ./install wrap the whole -Dfile arg in quotes (`"-Dfile=…"`)

jaret 2020-11-17T15:01:38.435200Z

I was able to get Dev-local running on windows 10, using powershell. I created the .datomic\dev-local.edn file and populated with:

jaret 2020-11-17T15:01:49.435400Z

{:storage-dir "C:\\Users\\<COMPUTER NAME>\\dev-local-proj\\storage"}

jaret 2020-11-17T15:07:04.435700Z

alternatively you can specify the storage dir which is what is contained in the .datomic folder.

jaret 2020-11-17T15:07:24.435900Z

(def client (d/client {:server-type :dev-local
                       :storage-dir "C:\\Users\\<COMPUTER NAME>\\dev-local-proj\\storage"
                       :system "dev"}))

mruzekw 2020-11-17T16:56:51.436700Z

Thanks, jaret!

jaret 2020-11-17T15:01:38.435200Z

I was able to get Dev-local running on windows 10, using powershell. I created the .datomic\dev-local.edn file and populated with:

jaret 2020-11-17T15:01:49.435400Z

{:storage-dir "C:\\Users\\<COMPUTER NAME>\\dev-local-proj\\storage"}

jaret 2020-11-17T15:07:04.435700Z

alternatively you can specify the storage dir which is what is contained in the .datomic folder.

jaret 2020-11-17T15:07:24.435900Z

(def client (d/client {:server-type :dev-local
                       :storage-dir "C:\\Users\\<COMPUTER NAME>\\dev-local-proj\\storage"
                       :system "dev"}))

tvaughan 2020-11-17T15:47:55.436100Z

Same

joshkh 2020-11-17T16:19:48.436300Z

only just saw this thread, but in case you haven't found an answer yet @souenzzo, can you clarify by what you mean as permissions? user permissions to your api? permissions for your ion to access other AWS services?

joshkh 2020-11-17T16:23:10.436500Z

i'd like to know this as well. i had started defining a policy to grant access to just certain access keys in the datomic s3 bucket, but in the end gave up (admittedly after not much trial and error)

mruzekw 2020-11-17T16:56:51.436700Z

Thanks, jaret!

souenzzo 2020-11-17T18:10:04.436900Z

How to customize the IAM of the machines created by DatomicCloudCloudFormation template It isn't just "find the the group and add the permission" If you do that (like i did) you will not be able to remove/upgrade the CloudFormation because it will fail