GraphQL - ACL

GraphQL Access Control List

Access control - graphql


Access control works at two levels

  • Permissions - Simple read/write permissions for user-defined roles
    • See the usage and examples below
  • ACL - URL permissions for user-defined roles and HTTP request type

Permission set - cli

CLI Command


  • model_name - Name of the model whose permissions you want to set. Multiple model names can be given, separated by '.'. The wildcard $ applies the change to all models.
  • role_type - Role type to update. The wildcard $ applies the change to all role types.
  • permission_or_resolver_name - Permission or resolver name; multiple names can be given. By default the value 1 is used. To set a specific value, append = followed by the value.

Example :


Permission get - cli

CLI Command


  • model_name - Name of the model you want to get permissions.

Example 1 :


Explained with examples using policy.js and API output snapshots

Initial value of city.policy.js


After executing xc permissions.set city guest CityList=0 (blocking CityList query access for guest user)
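
The argument rules described above (model names separated by '.', the $ wildcard, = with a default value of 1) and the CityList=0 case, worked through in JavaScript. This is an added example, not xc's code and not the actual contents of city.policy.js; the policy object shape, the sample data, the function names and the restriction of values to 0 or 1 are assumptions.

```javascript
// Added illustration; not xc's implementation. Assumed policy shape:
// { ResolverName: { role: boolean } }, one object per model.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample data standing in for city.policy.js and country.policy.js.
function samplePolicies() {
  return {
    city: { CityList: { admin: true, guest: true }, CityRead: { admin: true, guest: true } },
    country: { CountryList: { admin: true, guest: true } },
  };
}

// "Name" or "Name=value"; a missing value defaults to 1, as the page states.
// Restricting the value to 0 or 1 is an assumption of this sketch.
function parsePermission(arg) {
  const m = /^([^=]+)(?:=([01]))?$/.exec(arg);
  if (!m) throw new Error(`bad permission argument: ${arg}`);
  return { name: m[1], allow: m[2] !== '0' };
}

// Equivalent of: permissions.set <model(s)|$> <role|$> <perm[=value]>...
// Returns the entries changed so the caller can log or review them.
function setPermissions(policies, modelArg, roleArg, permArgs) {
  const models = modelArg === '$' ? Object.keys(policies) : modelArg.split('.');
  const changed = [];
  for (const model of models) {
    if (!own(policies, model)) throw new Error(`unknown model: ${model}`);
    for (const { name, allow } of permArgs.map(parsePermission)) {
      if (!own(policies[model], name)) continue; // resolver not defined on this model
      const entry = policies[model][name];
      const roles = roleArg === '$' ? Object.keys(entry) : [roleArg];
      for (const role of roles.filter((r) => own(entry, r))) {
        entry[role] = allow;
        changed.push(`${model}.${name}.${role}=${allow ? 1 : 0}`);
      }
    }
  }
  if (changed.length === 0) throw new Error('no policy entry matched');
  return changed;
}

// Default-deny check: anything not explicitly true is refused.
function isAllowed(policies, model, resolver, role) {
  if (!own(policies, model) || !own(policies[model], resolver)) return false;
  return policies[model][resolver][role] === true;
}
```

Returning the list of changed entries makes the effect of a wildcard run visible before the policy files are relied on, and the default-deny check means an unknown role or resolver is refused rather than allowed.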


Access control workflow - GraphQL API

Role


Role Add

CLI Command

  • role_type - new role type name.

Example :


Role rename

CLI Command

  • old_role_type - old role type name.
  • new_role_type - new role type name.

Example :


Role delete

CLI Command

  • role_type - name of role type to delete.

Example :

GUI Based ACL


In addition to CLI-based ACL management, users can also update access using the GUI application. It provides a simple table-based UI in which users enable or disable access by toggling a checkbox. The UI is available for each table, and changes are written to the corresponding policy file.


An example for GUI based ACL
