tags

Cascading permissions with inherited roles in Hasura

01 April, 2021 | 1 min read

Inherited roles in Hasura have been one of the most requested features. Many times roles are a combination of roles that already exist in your system. A standard user may have unlimited read access, an editor the ability to update, an admin the ability to create and delete, and a super-user the ability to do all of those. Instead of replicating functionality across multiple role definitions, define each of those abilities in a descriptive way that can then be combined across multiple users.

Inheriting Members and Member-Inheritors with Authorization Groups

Let’s explain this feature in more depth. Imagine a base role called Role A. Role A has the ability to edit items of X class. Role B has the ability to edit items of Y class. Role C has the ability to edit items of Z class.
If we define B and C as member-inheritors of A, then B can now edit X,Y and C can edit X,Z respectively. We could add a third role D that inherits from A,B, and C and has the ability to edit X, Y, and Z class items.

Multiple Roles in Practice

What may be confusing to read in enterprise speak, is very accessible in practice. With the Hasura console, CLI, and API all supporting role inheritance definitions – defining well architected roles is just a few clicks or commands away.
To see how to enable role inheritance in Hasura Cloud, watch this feature’s deep-dive video below.

Learn how to create inherited roles in Hasura
Webinar: Instant streaming APIs on Postgres, with built-in auth
View Recording
Hasura Con
The Hasura User Conference | June 28 - 30, 2022
New Product Announcements
View Recordings


Subscribe IlluSubscribe Illu

Monthly product updates in your inbox. No spam.

Loading...