PromptQL is on ProductHunt now 🎉
Hasura Logo

/

/

Contact Us
hasura-header-illustration

Powerful Authorization Engine

Decimate the time and complexity to add proper access control rules into data APIs.

Powerful Authorization Engine

Illustration
API Security with Hasura
Get a deep dive on the power, simplicity, and flexibility of the Hasura authorization engine.
Enterprise-grade Authorization
Learn how to model popular authorization patterns like RBAC, ABAC, AWS IAM and GCP IAM in Hasura.
API Security Docs
Follow the docs to setup authorization and authentication.

Fine-grained role-based access control

You define permissions granularity on the schema, sessions, and data (table, row, and column). For every role you create, Hasura automatically publishes a different GraphQL schema that represents the right queries, fields, and mutations that are available to that role. Every operation will use the request context to further apply permissions rules on the data.

Built-in input validation and constraint validation

When writing data and submitting forms, if you would like the validation logic to be at the GraphQL API layer, Hasura permissions can be used to add your validation. If the validation logic requires complex business logic or needs information from external sources, you can use Hasura Actions to perform your validation.

Built-in input validation and constraint validation

Cross-source authorization

That integrates authorization rules based on data and entitlements in different sources. Hasura forwards the resolved values as headers to your external services, and you can use this information to apply authorization rules in your external service.

Authorization predicate pushdown

Whenever possible, Hasura can automatically push down the authorization check in the data query itself. This provides a significant performance boost and avoids additional lookups where it can be avoided.
Peter Downs
Peter Downs
Director of Engineering, Pipe
"... Basically, we’re seeing that it takes only about a tenth of the time to develop a new page in our application or a new component based on having adopted Hasura."
Pipe
Pipe saw their development time drop by 90% with Hasura
Karthik Srinivasan
Karthik Srinivasan
Solution Architect, Philips Healthcare
"If we had gone the traditional way, this process would have taken us two to four years. With Hasura, we have been able to crunch it to just under a year."
Philips Healthcare
Philips increased the speed of their development by 2-4x with Hasura

More Authorization features at a glance

Row permissions

Row permissions are powerful boolean expressions that help you restrict access to database rows for each database operation and user role.

Column permissions

Column-level permissions determine which columns are accessible in the rows which are accessible.

Aggregation permissions

Aggregation permissions enable access to aggregation queries for a given role on select operations.

Row fetch limit

Row fetch limit caps the number of rows returned in a response on select operations.

Root field visibility

Root field visibility disables specific query and subscription root fields to manage certain role-based access.

Column presets

Column presets are to avoid sensitive user information being sent in a request by removing the ability to manually insert or update operations for that role.

Explore further

Docs
Authentication and access control
Webinar
Enterprise-grade authorization
Blog
Hasura authorization system through examples
2024 Edition

The GraphQL Handbook

A GraphQL Handbook for developers and architects to help plan your GraphQL adoption journey.
The GraphQL Handbook

Ship a rock-solid API on your data – in minutes!