Actions permissions¶
Table of contents
Introduction¶
As with the other fields in the GraphQL schema, users need to be given access to an action.
Set action permissions¶
Head to the Actions -> [action-name] -> Permissions
tab in the
console.
Hit Save
to give the role permission to access the action.
Go to metadata/actions.yaml
in the Hasura project directory.
Update the definition of the insertAuthor
action as:
- actions
- name: insertAuthor
definition:
kind: synchronous
handler: '{{ACTIONS_BASE_URL}}/insertAuthor'
permissions:
- role: user
- role: publisher
Save the changes and run hasura metadata apply
to set the
permissions.
Action permissions can be set by using the create_action_permission metadata API:
POST /v1/query HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "create_action_permission",
"args": {
"action": "insertAuthor",
"role": "user"
}
}