sections: authentication:authentication-root
This data as json
| id | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| authentication:authentication-root | authentication | authentication-root | Using the "root" actor | Datasette currently leaves almost all forms of authentication to plugins - datasette-auth-github for example. The one exception is the "root" account, which you can sign into while using Datasette on your local machine. The root user has all permissions - they can perform any action regardless of other permission rules. The --root flag is designed for local development and testing. When you start Datasette with --root , the root user automatically receives every permission, including: All view permissions ( view-instance , view-database , view-table , etc.) All write permissions ( insert-row , update-row , delete-row , create-table , alter-table , drop-table ) Debug permissions ( permissions-debug , debug-menu ) Any custom permissions defined by plugins If you add explicit deny rules in datasette.yaml those can still block the root actor from specific databases or tables. The --root flag sets an internal root_enabled switch—without it, a signed-in user with {"id": "root"} is treated like any other actor. To sign in as root, start Datasette using the --root command-line option, like this: datasette --root Datasette will output a single-use-only login URL on startup: http://127.0.0.1:8001/-/auth-token?token=786fc524e0199d70dc9a581d851f466244e114ca92f33aa3b42a139e9388daa7 INFO: Started server process [25801] INFO: Waiting for application startup. INFO: Application startup complete. INFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit) Click on that link and then visit http://127.0.0.1:8001/-/actor to confirm that you are authenticated as an actor that looks like this: { "id": "root" } | ["Authentication and permissions", "Actors"] | [{"href": "https://github.com/simonw/datasette-auth-github", "label": "datasette-auth-github"}] |