Column Permissions
Introduction
Column permissions determine which columns are accessible in the rows which are accessible.
- Console
- CLI
- API
Column-level permissions are simple selections on the Hasura Console in Data -> [table] -> Permissions -> insert / select / update as per this example:
You can set column-level permissions in the metadata -> databases -> [database-name] -> tables -> [table-name].yaml
file, eg:
- table:
schema: public
name: users
select_permissions:
- role: user
permission:
columns:
- id
- name
- email
filter:
id:
_eq: X-Hasura-User-Id
Apply the metadata by running:
hasura metadata apply
You can set column-level permissions when using the permissions metadata API. Example using a Postgres db:
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "pg_create_select_permission",
"args": {
"source": "<db_name>",
"table": "users",
"role": "user",
"permission": {
"columns": [
"id",
"name",
"email",
],
"filter": {
"id": "X-Hasura-User-Id"
}
}
}
}
In this example, the role user has only partial access to columns of the accessible rows for the select operation.