Type Permissions
To make API fields available to a role in your supergraph, you define a TypePermissions object.
You can think of TypePermissions as being similar to column-level permissions in a relational database. Just as you can restrict access to specific columns in a table based on the user's role, TypePermissions allow you to control access to specific fields in a type within your supergraph.
By default, whenever a new type is created in your supergraph, each field is defined as being only accessible to the
admin role.
To add a new role, add a new item to the permissions array in the TypePermissions object.
Each item in the array should have a role field and an output field. The output field should contain an
allowedFields array, which lists the fields that are accessible to the role when the type is used in an output
context.
To make a new TypePermission object or role available in your supergraph, you'll need to
create a new build using the CLI.
Example
---
kind: TypePermissions
version: v1
definition:
typeName: article
permissions:
- role: admin
output:
allowedFields:
- article_id
- author_id
- title
- role: user
output:
allowedFields:
- article_id
- title
Reference
See the TypePermissions reference for more information.
