Cascading permissions with inherited roles in Hasura
Inherited roles in Hasura have been one of the most requested features. Many times roles are a combination of roles that already exist in your system. A standard user may have unlimited read access, an editor the ability to update, an admin the ability to create and delete, and a super-user the ability to do all of those. Instead of replicating functionality across multiple role definitions, define each of those abilities in a descriptive way that can then be combined across multiple users.
Inheriting Members and Member-Inheritors with Authorization Groups
Let’s explain this feature in more depth. Imagine a base role called Role A. Role A has the ability to edit items of X class. Role B has the ability to edit items of Y class. Role C has the ability to edit items of Z class. If we define B and C as member-inheritors of A, then B can now edit X,Y and C can edit X,Z respectively. We could add a third role D that inherits from A,B, and C and has the ability to edit X, Y, and Z class items.
Multiple Roles in Practice
What may be confusing to read in enterprise speak, is very accessible in practice. With the Hasura console, CLI, and API all supporting role inheritance definitions – defining well architected roles is just a few clicks or commands away. To see how to enable role inheritance in Hasura Cloud, watch this feature’s deep-dive video below.