Restrict allowed operations

Restrict allowed operations

You can now restrict access to specific operations using rules when configuring your project's schema.

You can set the following rules when using signed-in or group based authorization:

You can now provide an array of allowed operations when configuring rules.

schema @auth( providers: [{ type: oidc, issuer: "{{ env.ISSUER_URL }}" }] rules: [ { allow: private, operations: [read] } { allow: groups, groups: ["moderator"], operations: [update] } { allow: groups, groups: ["admin"] } ] ) { query: Query }

The schema above will control data access for:

  • Signed-in users to perform read operations
  • Users of the moderator group to perform update operations
  • Users of the admin group to perform all operations
Youtube video thumbnail

We'd love to hear your feedback and ideas, so join us on Discord.