Cascading permissions with inherited roles in Hasura

01 April, 2021 | 1 min read

Inherited roles in Hasura have been one of the most requested features. Many times roles are a combination of roles that already exist in your system. A standard user may have unlimited read access, an editor the ability to update, an admin the ability to create and delete, and a super-user the ability to do all of those. Instead of replicating functionality across multiple role definitions, define each of those abilities in a descriptive way that can then be combined across multiple users.

Inheriting Members and Member-Inheritors with Authorization Groups

Let’s explain this feature in more depth. Imagine a base role called Role A. Role A has the ability to edit items of X class. Role B has the ability to edit items of Y class. Role C has the ability to edit items of Z class.
If we define B and C as member-inheritors of A, then B can now edit X,Y and C can edit X,Z respectively. We could add a third role D that inherits from A,B, and C and has the ability to edit X, Y, and Z class items.

Multiple Roles in Practice

What may be confusing to read in enterprise speak, is very accessible in practice. With the Hasura console, CLI, and API all supporting role inheritance definitions – defining well architected roles is just a few clicks or commands away.
To see how to enable role inheritance in Hasura Cloud, watch this feature’s deep-dive video below.

Learn how to create inherited roles in Hasura

Get Started with GraphQL Now

Hasura Cloud gives you a fully managed, production ready GraphQL API as a service to help you build modern apps faster.

Ready to get started?
Start for free on Hasura Cloud or you could contact our sales team for a detailed walk-through on how Hasura may benefit your business.
Get monthly product updates
Sign up for full access to our community highlights, new features, and occasional baby animal gifs! Oh, and we have a strict no-spam rule. ✌️