2019-04-19 13:48:18 +03:00
|
|
|
Restrict access to certain fields
|
|
|
|
|
=================================
|
2018-09-11 14:11:24 +03:00
|
|
|
|
2018-12-03 15:12:24 +03:00
|
|
|
.. contents:: Table of contents
|
|
|
|
|
:backlinks: none
|
2019-09-05 17:53:50 +03:00
|
|
|
:depth: 2
|
2018-12-03 15:12:24 +03:00
|
|
|
:local:
|
|
|
|
|
|
2019-04-19 13:48:18 +03:00
|
|
|
If you want to restrict access to sensitive fields in a table, you can either use views to expose only the safe fields
|
2019-05-17 15:03:35 +03:00
|
|
|
or :ref:`restrict access via permissions <col-level-permissions>`.
|
2018-09-11 14:11:24 +03:00
|
|
|
|
|
|
|
|
The following section describes setting up a view for this purpose.
|
|
|
|
|
|
2019-04-19 13:48:18 +03:00
|
|
|
**For example**: Say we have a table ``user_profile (id, name, email, phone, address)``, to restrict users to
|
|
|
|
|
only have access to the ``id``, ``name`` & ``email`` fields of other users, we can:
|
2018-09-11 14:11:24 +03:00
|
|
|
|
2018-12-03 15:12:24 +03:00
|
|
|
Step 1: Create a view
|
|
|
|
|
---------------------
|
2018-09-11 14:11:24 +03:00
|
|
|
Open the Hasura console and head to the ``Data -> SQL`` tab.
|
|
|
|
|
|
2019-04-19 13:48:18 +03:00
|
|
|
Create a view with data from only the required (or public) columns:
|
2018-09-11 14:11:24 +03:00
|
|
|
|
|
|
|
|
.. code-block:: SQL
|
|
|
|
|
|
2019-04-19 13:48:18 +03:00
|
|
|
CREATE VIEW user_public AS
|
|
|
|
|
SELECT id, name, email
|
|
|
|
|
FROM user_profile;
|
2018-09-11 14:11:24 +03:00
|
|
|
|
2018-12-03 15:12:24 +03:00
|
|
|
Step 2: Modify permissions
|
|
|
|
|
--------------------------
|
2018-09-11 14:11:24 +03:00
|
|
|
You will need to revoke permission (if already granted) from the source table and grant access to the newly created
|
|
|
|
|
view. So, in our example, we do the following:
|
|
|
|
|
|
2019-04-19 13:48:18 +03:00
|
|
|
#. Remove **select** permissions from the ``user_profile`` table
|
2018-09-11 14:11:24 +03:00
|
|
|
|
2019-04-19 13:48:18 +03:00
|
|
|
#. Grant **select** permissions to the ``user_public`` view
|
2018-09-11 14:11:24 +03:00
|
|
|
|
2018-12-03 15:12:24 +03:00
|
|
|
Step 3: Query the view
|
|
|
|
|
----------------------
|
2019-04-19 13:48:18 +03:00
|
|
|
You can now query the newly created view like you would a regular table:
|
2018-09-11 14:11:24 +03:00
|
|
|
|
|
|
|
|
.. graphiql::
|
|
|
|
|
:view_only:
|
|
|
|
|
:query:
|
|
|
|
|
query {
|
2019-04-19 13:48:18 +03:00
|
|
|
user_public {
|
2018-09-11 14:11:24 +03:00
|
|
|
id
|
2019-04-19 13:48:18 +03:00
|
|
|
name
|
|
|
|
|
email
|
2018-09-11 14:11:24 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
:response:
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
2019-04-19 13:48:18 +03:00
|
|
|
"user_public": [
|
2018-09-11 14:11:24 +03:00
|
|
|
{
|
|
|
|
|
"id": 1,
|
2019-04-19 13:48:18 +03:00
|
|
|
"name": "Justin",
|
|
|
|
|
"email": "justin@xyz.com"
|
2018-09-11 14:11:24 +03:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 2,
|
2019-04-19 13:48:18 +03:00
|
|
|
"name": "Beltran",
|
|
|
|
|
"email": "beltran@xyz.com"
|
2018-09-11 14:11:24 +03:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 3,
|
2019-04-19 13:48:18 +03:00
|
|
|
"name": "Sidney",
|
|
|
|
|
"email": "sidney@xyz.com"
|
2018-09-11 14:11:24 +03:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 4,
|
2019-04-19 13:48:18 +03:00
|
|
|
"name": "Angela",
|
|
|
|
|
"email": "angela@xyz.com"
|
2018-09-11 14:11:24 +03:00
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
