Company
Date Published
May 23, 2019
Author
Rishichandra Wawhal
Word count
1582
Language
English
Hacker News points
None

Summary

This blog post discusses common access control patterns that can be used with Hasura GraphQL Engine to granularly allow or restrict data. The Hasura GraphQL Engine is a thin server that sits on any Postgres database and allows CRUD operations with real-time GraphQL and access control. It enables role-based access control, which can be integrated with most Auth providers. Access control rules in Hasura are functions of session variables such as x-hasura-role and x-hasura-user-id. The post covers setting up access control rules as functions of these session variables, including insert, select, update, and delete permissions. It also provides examples of specific use cases for enforcing users to insert articles as themselves, handling multiple roles, using views for access control, and enforcing fields to have only particular values.