Modernizing Audit and Advisory Services with Hasura at Fieldguide
Fieldguide builds automation and collaboration software for Audit and Advisory firms – specifically cybersecurity, privacy, and ESG (Environmental, Social, Governance) practices.
With information security and regulatory compliance risk increasing for companies, third party auditors, also known as Risk Advisory Services (RAS) practices, are in high demand. However, risk advisory practitioners typically use legacy, desktop tools built in the 90’s that don’t provide efficiencies in their daily work. Practitioners with Fieldguide have completed thousands of audits on the platform, saving 30-50% of hours and transforming the operations of their practices.
How is Fieldguide using Hasura?
Fieldguide was founded in April 2020 and has used Hasura since the beginning of their product journey. With 800+ commits in their Hasura GitHub repo and 1200+ SQL migrations, Fieldguide leverages Hasura to rapidly iterate on product development, averaging one Hasura deploy a day. And thanks to Hasura’s auto-generated GraphQL operations, Fieldguide developers avoid writing boilerplate data fetching code while maintaining end-to-end type safety.
Using Hasura’s remote schema and event triggers, they’ve joined their own federated service schema which manages emails, authentication, and various document automation and processing workflows. They’ve also used Actions to integrate a RESTful machine learning service.
Fieldguide also required enterprise-grade permissioning, as their customers handle sensitive data every day. Leveraging Hasura’s flexible authorization layer, the team has built up to a dozen layers of logic checks to control who has access to which documents and data.
Fieldguide’s team credits Hasura for their ability to quickly build out features, integrate new functionality, and enforce rigorous permissions. To help with reviewing Hasura permission changes, Fieldguide developed an open-source Github Action.
“We have to build a system that exceeds risk auditors’ security expectations. Hasura has enabled us to do that with its mix of role-based and attribute-based data access.”
Software Engineer at Fieldguide
Audit documents have a complex set of rules that govern who has access to what. Hasura’s flexible authorization logic makes this simple to model.
Remote Schema Merging
Remote schema merging allows the team to build out services in the language of their choice, then leverage those services within their data layer without worrying about access controls.
As the team adopted Actions, they’ve been able to integrate RESTful HTTP endpoints into an unified API, simplifying frontend development and ensuring end-to-end type safety.
Event triggers allow the team to work with asynchronous data flows and bypass cumbersome Postgres functions.
Configuration as Code
Fieldguide’s product and team has grown rapidly, now reaching over 100 tables each with their interrelated permissions. Hasura’s exportable metadata has allowed them to adopt a powerful, but flexible, CI/CD pipeline and ensure consistency between our codebase and the Hasura server.
Visit Fieldguide website