Common access control patterns with Hasura GraphQL Engine

This blog post discusses common access control patterns that can be used with Hasura GraphQL Engine to granularly allow or restrict data. The Hasura GraphQL Engine is a thin server that sits on any Postgres database and allows CRUD operations with real-time GraphQL and access control. It enables role-based access control, which can be integrated with most Auth providers. Access control rules in Hasura are functions of session variables such as x-hasura-role and x-hasura-user-id. The post covers setting up access control rules as functions of these session variables, including insert, select, update, and delete permissions. It also provides examples of specific use cases for enforcing users to insert articles as themselves, handling multiple roles, using views for access control, and enforcing fields to have only particular values.