User role for the app

In this realtime Slack app, all querying must be restricted to logged-in users. We assume that no data is publicly accessible. Everything revolves around what users do in the app. Also, certain columns in tables need not be exposed to the user.

Let's see the different responsibilities that a user can have.

Administrative

All administrative tasks require write access to the database. Some of the administrative tasks are:

  • Create and manage workspaces
  • Create and manage channels
  • Add members to workspace and channel

Non Administrative

Non-administrative tasks require scoped read and write access to the database.

For example, in a Slack app you have Members. They can join a Slack workspace. They can use Slack to communicate and collaborate with other members.

  • User can read and send messages to channels
  • User can read and send messages to other users in the same workspace

We need to be able to apply these actions to a role. We will see how in the next section.
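To make the requirements above concrete, here is a sketch of how a `user` role with scoped read and write access can be expressed as Hasura permission metadata. It is an added example, not the tutorial's own configuration: every table, column and relationship name (`users`, `channel_message`, `channel`, `channel_members`, `workspace_members`, `workspace`) is a hypothetical assumption, and the relationships are assumed to be tracked already.

```yaml
# Hasura metadata sketch (tables.yaml). All table, column and relationship
# names are hypothetical. Only the `user` role is defined, so a request that
# does not resolve to that role has no permission on these tables.
- table: {schema: public, name: users}
  select_permissions:
    - role: user
      permission:
        # Column-level scoping: sensitive columns (for example a password
        # hash) are simply not listed, so the role cannot select them.
        columns: [id, name, display_name]
        # Row-level scoping: only users who share a workspace with the caller.
        filter:
          workspace_members:
            workspace:
              workspace_members:
                user_id: {_eq: X-Hasura-User-Id}
- table: {schema: public, name: channel_message}
  select_permissions:
    - role: user
      permission:
        columns: [id, channel_id, user_id, message, created_at]
        # Read messages only in channels the caller is a member of.
        filter:
          channel:
            channel_members:
              user_id: {_eq: X-Hasura-User-Id}
  insert_permissions:
    - role: user
      permission:
        # Send messages only to channels the caller is a member of.
        check:
          channel:
            channel_members:
              user_id: {_eq: X-Hasura-User-Id}
        # The author is taken from the session, never from client input.
        set:
          user_id: X-Hasura-User-Id
        columns: [channel_id, message]
  # No update/delete permissions and no permissions on workspace or channel
  # management tables: those administrative writes stay outside this role.
```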
