allow defining multiple (row + column) permission tuples for a given role + table + action #3442

@rikinsk

To restrict access to sensitive fields, the solution proposed in https://docs.hasura.io/1.0/graphql/manual/queries/control-access.html requires one to modify the db schema (creating a view and setting up new relationships/permissions).

Instead, if it were possible to define multiple row + column permission rules, this could be avoided.

e.g. For table user(id, name, email, phone), select permissions for role user can be

  • Rule 1:
    • Row permission: {} i.e. without any checks
    • Col permission: name
  • Rule 2:
    • Row permission: {id: {_eq: 'x-hasura-user-id'}} i.e. if user is the owner
    • Col permission: name, email, phone
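The two rules above, evaluated over sample rows. This is an added illustration, not part of the original issue and not Hasura code. It assumes that a row is returned when any rule's row filter matches and that its visible columns are the union of the matching rules' column lists; the names `RULES`, `USERS`, `resolve`, `row_matches` and `select` are hypothetical.

```python
# Added illustration; not Hasura code. Assumed semantics: a row is visible if
# any rule's row filter matches, and its visible columns are the union of the
# column lists of the matching rules.

# The two rules from the issue, for role "user" on table user(id, name, email, phone).
RULES = [
    {"filter": {}, "columns": ["name"]},
    {"filter": {"id": {"_eq": "x-hasura-user-id"}}, "columns": ["name", "email", "phone"]},
]

# Constructed sample rows.
USERS = [
    {"id": 1, "name": "alice", "email": "alice@example.com", "phone": "555-0101"},
    {"id": 2, "name": "bob", "email": "bob@example.com", "phone": "555-0102"},
]


def resolve(value, session):
    """Replace a session-variable reference (x-hasura-*) with its session value."""
    if isinstance(value, str) and value.lower().startswith("x-hasura-"):
        return session[value.lower()]  # KeyError if absent: fail closed
    return value


def row_matches(row, bool_exp, session):
    """Evaluate the subset of boolean expressions used here: {} and {col: {_eq: v}}."""
    for column, ops in bool_exp.items():
        for op, operand in ops.items():
            if op != "_eq":
                raise ValueError(f"unsupported operator: {op}")
            # Session variables arrive as strings, so compare as strings.
            if str(row[column]) != str(resolve(operand, session)):
                return False
    return True  # an empty filter matches every row


def select(rows, rules, session):
    """Return each visible row restricted to the columns granted by matching rules."""
    result = []
    for row in rows:
        allowed = set()
        for rule in rules:
            if row_matches(row, rule["filter"], session):
                allowed.update(rule["columns"])
        if allowed:  # deny by default: no matching rule, no row
            result.append({c: v for c, v in row.items() if c in allowed})
    return result
```

With the session variable set to `1`, the owner's row carries `name`, `email` and `phone`, while every other row carries only `name`.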

Labels

  • a/authz: Issues related to "authorization" and the policy engine after session claims are processed
  • c/server: Related to server
  • k/ideas: Discuss new ideas / pre-proposals / roadmap
  • p/medium: non-urgent issues/features that are candidates for being included in one of the upcoming sprints
