Authorization

In this part of the tutorial, we are going to define role-based access control rules for each of the models that we created.

Access control rules help in restricting querying on a table based on certain conditions.

In this realtime todo app use-case, we need to restrict all querying only for logged in users. Also, certain columns in tables do not need to be exposed to the user.

The aim of the app is to allow users to manage their own todos only but should be able to view all the public todos.

We will define all of these based on role-based access control rules in the subsequent steps.

Did you find this page helpful?

Edit on GitHub

Create relationship to user

Setup todos table permissions

Start with GraphQL on Hasura for Free

Build apps and APIs 10x faster
Built-in authorization and caching
8x more performant than hand-rolled APIs

Try GraphQL with Hasura

PRODUCT

Hasura Product Offerings

CAPABILITIES

Performance

Instant API

Observability

API Security

Authorization

SUPPORTED DATABASES

PostgreSQL

SQL Server

Oracle

MySQL

Snowflake

MariaDB

Neon

Google BigQuery

AlloyDB

LEARN

Tutorials

Blog

GraphQL Hub

Why Hasura

Help

CONNECT

Community

Case Studies

Events

Hasura Hub

NEWS

Introducing Instant APIs for MySQL, MariaDB, and Oracle

May 2, 2023

NEWS

Introducing a native Postgres integration to Hasura Cloud in partnership with Neon

Oct 18, 2022

Authorization