You define permissions at a granular level on the schema, sessions, and data (table, row, and column). For every role you create, Hasura automatically publishes a different GraphQL schema that exposes only the queries, fields, and mutations available to that role. Every operation uses the request context to further apply permission rules on the data.
When writing data and submitting forms, if you would like the validation logic to be at the GraphQL API layer, Hasura permissions can be used to add your validation. If the validation logic requires complex business logic or needs information from external sources, you can use Hasura Actions to perform your validation.
"By using Hasura we cut the development time in half and built our product in 3 months & built-in role-based authorization system made it easy to secure our data."
Lower dev time
That integrates authorization rules based on data and entitlements in different sources. Hasura forwards the resolved values as headers to your external services, and you can use this information to apply authorization rules in your external service.
Whenever possible, Hasura can automatically push the authorization check down into the data query itself. This provides a significant performance boost and avoids additional lookups wherever they can be avoided.
Row permissions are powerful boolean expressions that help you restrict access to database rows for each database operation and user role.
Column-level permissions determine which columns are accessible within the rows a role can access.
Aggregation permissions enable access to aggregation queries for a given role on
Row fetch limit caps the number of rows returned in a response on
Root field visibility disables specific query and subscription root fields to manage certain role-based access.
Column presets are to avoid sensitive user information being sent in a request by removing the ability to manually
update operations for that role.
Backend-only mutations hide a mutation from a public-facing API but allow access to it via a trusted backend.
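The following added example (not Hasura's code and not part of the original page) sketches how a row-permission boolean expression, a column permission and a row fetch limit can be pushed down into one parameterized SQL query. The `articles` table, the rule and the `compile_filter` helper are hypothetical; the `_eq`/`_or` operators and the `X-Hasura-User-Id` session variable follow Hasura's permission syntax.

```python
import sqlite3

# Hypothetical rule for role "user" on a constructed "articles" table.
RULE = {
    "columns": ["id", "title"],                  # column-level permission
    "filter": {"_or": [                          # row-level boolean expression
        {"author_id": {"_eq": "X-Hasura-User-Id"}},
        {"is_public": {"_eq": 1}},
    ]},
    "limit": 2,                                  # row fetch limit
}
TABLE_COLUMNS = {"id", "title", "body", "author_id", "is_public"}
OPS = {"_eq": "=", "_ne": "<>", "_gt": ">", "_lt": "<"}

def compile_filter(expr, session, params):
    """Compile a boolean expression into a parameterized SQL predicate."""
    parts = []
    for key, val in expr.items():
        if key in ("_and", "_or"):
            subs = [compile_filter(e, session, params) for e in val]
            parts.append("(" + f" {key[1:].upper()} ".join(subs) + ")")
            continue
        if key not in TABLE_COLUMNS:             # identifiers are never user-controlled
            raise ValueError(f"unknown column {key!r}")
        for op, operand in val.items():
            if isinstance(operand, str) and operand.startswith("X-Hasura-"):
                operand = session[operand]       # missing session variable: fail closed
            params.append(operand)               # values are bound, not interpolated
            parts.append(f"{key} {OPS[op]} ?")
    return "(" + " AND ".join(parts) + ")" if parts else "(1=1)"

def select_articles(conn, session):
    """One query returns only permitted rows and columns; no second lookup."""
    params = []
    where = compile_filter(RULE["filter"], session, params)
    sql = (f"SELECT {', '.join(RULE['columns'])} FROM articles "
           f"WHERE {where} ORDER BY id LIMIT ?")
    return conn.execute(sql, params + [RULE["limit"]]).fetchall()

def demo_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT, body TEXT,"
                 " author_id TEXT, is_public INTEGER)")
    conn.executemany("INSERT INTO articles VALUES (?,?,?,?,?)", [
        (1, "draft-a", "secret", "u1", 0), (2, "post-b", "text", "u2", 1),
        (3, "draft-c", "secret", "u2", 0), (4, "post-d", "text", "u1", 1)])
    return conn
```

Because the session value is bound as a query parameter, a hostile `X-Hasura-User-Id` value cannot widen the predicate; it simply matches no `author_id`.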
Secure your APIs with tools including allow list, multiple JWT secrets, API rate limits and more.
Run Hasura and connect your databases for a unified, production-ready GraphQL API in an instant.
Monitor for known issues by debugging and analyzing metrics from your Hasura instance.