Create Type Permissions

We can also set permissions for which fields a role can access by setting TypePermissions.

Add TypePermissions

We can then modify the TypePermissions in the same file to the following:

---
kind: TypePermissions
version: v1
definition:
typeName: Users
permissions:
- role: admin
output:
allowedFields:
- createdAt
- email
- favoriteArtist
- id
- isEmailVerified
- lastSeen
- name
- password
- updatedAt
- role: user
output:
allowedFields:
- email
- favoriteArtist
- id
- name
- password

Since the CLI should still be running in dev mode, as we make our changes it will create a new build automatically. When our build is ready, we can add the following headers in our project's Console:

KeyValue
x-hasura-roleuser
x-hasura-user-id7cf0a66c-65b7-11ed-b904-fb49f034fbbb

If we re-run the same query as before, Hasura will parse these values and apply our permissions, returning only Sean's data and only the fields he access to under the user role:

Execute a query

Just like that, we've defined who can access the users model and what data they can access 🎉

Did you find this page helpful?
Start with GraphQL on Hasura for Free
  • ArrowBuild apps and APIs 10x faster
  • ArrowBuilt-in authorization and caching
  • Arrow8x more performant than hand-rolled APIs
Promo
footer illustration
Brand logo
© 2024 Hasura Inc. All rights reserved
Github
Titter
Discord
Facebook
Instagram
Youtube
Linkedin