Powerful Authorization Engine

Decimate the time and complexity of adding proper access control rules to data APIs, with peace of mind that your data is protected and secure.

Fine-grained role-based access control

You define permissions granularly on the schema, sessions, and data (table, row, and column). For every role you create, Hasura automatically publishes a different GraphQL schema that represents the queries, fields, and mutations available to that role. Every operation uses the request context to further apply permission rules on the data.

Built-in input validation and constraint validation

When writing data and submitting forms, if you would like the validation logic to be at the GraphQL API layer, Hasura permissions can be used to add your validation. If the validation logic requires complex business logic or needs information from external sources, you can use Hasura Actions to perform your validation.

Mark Erdmann

Software Engineer, Pulley

"By using Hasura we cut the development time in half and built our product in 3 months & built-in role-based authorization system made it easy to secure our data."

50% lower dev time

Cross-source authorization

Hasura integrates authorization rules based on data and entitlements in different sources. Hasura forwards the resolved values as headers to your external services, and you can use this information to apply authorization rules in your external service.

Authorization predicate push-down

Whenever possible, Hasura automatically pushes the authorization check down into the data query itself. This provides a significant performance boost and avoids additional lookups where possible.

More Authorization features at a glance

Row permissions

Row permissions are powerful boolean expressions that help you restrict access to database rows for each database operation and user role.

Column permissions

Column-level permissions determine which columns are accessible within the rows that a role can access.

Aggregation permissions

Aggregation permissions enable access to aggregation queries for a given role on select operations.

Row fetch limit

Row fetch limit caps the number of rows returned in a response on select operations.

Root field visibility

Root field visibility disables specific query and subscription root fields for a role, to manage role-based access.

Column presets

Column presets avoid sensitive user information being sent in a request by removing the ability to set those values manually in insert or update operations for that role.

Backend-only mutations

Backend-only mutations hide a mutation from a public-facing API but allow access to it via a trusted backend.
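
The row permissions and predicate push-down described above, as an added example that is not Hasura's code: a simplified compiler turns a boolean row-permission expression plus session variables into a parameterized WHERE clause, so the check runs inside the data query. The `documents` table, the rule for a hypothetical `user` role, and the operator subset are assumptions for illustration; the sample rows are constructed.

```python
import sqlite3

OPS = {"_eq": "=", "_neq": "<>", "_gt": ">", "_lt": "<"}  # subset, for illustration
COLUMNS = {"id", "owner_id", "is_public", "title"}
# Row permission for a hypothetical "user" role: own rows, or any public row.
USER_RULE = {"_or": [{"owner_id": {"_eq": "X-Hasura-User-Id"}},
                     {"is_public": {"_eq": 1}}]}

def resolve(value, session):
    """Swap a session-variable reference for the value carried by this request."""
    if isinstance(value, str) and value.lower().startswith("x-hasura-"):
        return session[value.lower()]  # missing variable raises KeyError: fail closed
    return value

def compile_rule(rule, session):
    """Compile a boolean permission expression to (where_sql, params)."""
    clauses, params = [], []
    for key, body in rule.items():
        if key in ("_and", "_or"):
            subs = [compile_rule(r, session) for r in body]
            joined = (" AND " if key == "_and" else " OR ").join(f"({s})" for s, _ in subs)
            clauses.append(f"({joined})" if subs else ("1=1" if key == "_and" else "1=0"))
            params += [p for _, ps in subs for p in ps]
        elif key == "_not":
            sql, ps = compile_rule(body, session)
            clauses.append(f"NOT ({sql})")
            params += ps
        elif key in COLUMNS:  # identifiers come from an allow-list, values are bound
            for op, val in body.items():
                clauses.append(f"{key} {OPS[op]} ?")
                params.append(resolve(val, session))
        else:
            raise ValueError(f"unknown column or operator: {key!r}")
    return " AND ".join(clauses) or "1=1", params

def visible_ids(conn, rule, session):
    """One query: the role's filter is part of the WHERE clause, no post-filtering."""
    where, params = compile_rule(rule, session)
    rows = conn.execute(f"SELECT id FROM documents WHERE {where} ORDER BY id", params)
    return [r[0] for r in rows]

def demo_db():
    """Constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER, owner_id INTEGER, is_public INTEGER, title TEXT)")
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?, ?)",
                     [(1, 1, 0, "alice draft"), (2, 2, 0, "bob draft"), (3, 1, 1, "alice post")])
    return conn

if __name__ == "__main__":
    print(compile_rule(USER_RULE, {"x-hasura-user-id": 2}))
    print(visible_ids(demo_db(), USER_RULE, {"x-hasura-user-id": 2}))
```

Because the session value is bound as a query parameter and a missing session variable raises instead of matching, a request without the expected claim returns no rows rather than all of them.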