DOCS  vx.y

Tutorials

Get instant support on our discord server

Authentication & Authorization

In Hasura, access control or authorization is based on roles. Let’s take a look at how this works when the GraphQL engine receives a request:

As you can see from this:

• Authentication is handled outside Hasura. Hasura delegates authentication and resolution of request headers into session variables to your authentication service (existing or new).

  Your authentication service is required to pass a user’s role information in the form of session variables like X-Hasura-Role, etc. More often than not, you’ll also need to pass user information for your access control use cases, like X-Hasura-User-Id, to build permission rules.

• For Authorization or Access Control, Hasura helps you define granular role-based access control rules for every field in your GraphQL schema (granular enough to control access to any row or column in your database).

  Hasura uses the role/user information in the session variables and the actual query itself to validate the query against the rules defined by you. If the query/operation is allowed, it generates an SQL query, which includes the row/column-level constraints from the access control rules, and sends it to the database to perform the required operation (fetch the required rows for queries, insert/edit rows for mutations, etc.).

See more details about setting up authentication and access control at:

• Authentication
• Authorization / Access control

« previous | next »

Was this page helpful?

Submit

Thank you for your feedback!

Want to contribute or report missing content?

edit this page on github | contributing guidelines | report an issue

Hasura GraphQL engine is open source. See license

Powered by Sphinx. | Copyright © 2020 Hasura.