Test out permissions

Let's go ahead and start testing the permissions through the GraphQL API for todos table.

Query

Now let's go ahead and query the data by adding two request headers:

x-hasura-role: user
x-hasura-user-id: 1

query {
  todos {
    id
    title
    is_public
    is_completed
    user_id
  }
}

You should get a response looking something like this:

Todo Query

Note that the response received is filtered for the user id 1. If you change the value for x-hasura-user-id to 2, the data would be returned only for the user id 2. This confirms the permissions that we configured in the previous steps.

You can test the permission configuration similarly for the users table as well.

Did you find this page helpful?

Edit on GitHub

Setup online_users view permissions

Authentication

Start with GraphQL on Hasura for Free

Build apps and APIs 10x faster
Built-in authorization and caching
8x more performant than hand-rolled APIs

Try GraphQL with Hasura

PRODUCT

Hasura Product Offerings

CAPABILITIES

Performance

Instant API

Observability

API Security

Authorization

SUPPORTED DATABASES

PostgreSQL

SQL Server

Oracle

MySQL

Snowflake

MariaDB

Neon

Google BigQuery

AlloyDB

LEARN

Tutorials

Blog

GraphQL Hub

Why Hasura

Help

CONNECT

Community

Case Studies

Events

Hasura Hub

NEWS

Introducing Instant APIs for MySQL, MariaDB, and Oracle

May 2, 2023

NEWS

Introducing a native Postgres integration to Hasura Cloud in partnership with Neon

Oct 18, 2022

Test out permissions

Query