Control access to certain data

If you want to control access to sensitive fields in a table, you can either use views to expose only the safe fields or restrict access via permissions.

The following section describes setting up a view for this purpose.

For example, to mask access to the article table and only expose the id, title and rating columns from this table:

Step 1: Create a view

Open the Hasura console and head to the Data -> SQL tab.

Create a view with data from only the required (or safe) columns:

CREATE VIEW article_safe AS
SELECT id, title, rating
FROM article;

Step 2: Modify permissions

You will need to revoke permission (if already granted) from the source table and grant access to the newly created view. So, in our example, we do the following:

  1. Remove access permissions from the article table
  2. Grant access permissions to the article_safe view

Step 3: Query the view

You can now query the newly created view like you would a regular table. For example, the following query will access only the safe fields:

query {
  article_safe {
    id
    title
    rating
  }
}
query { article_safe { id title rating } }
{ "data": { "article_safe": [ { "id": 1, "title": "sit amet", "rating": 1 }, { "id": 2, "title": "a nibh", "rating": 3 }, { "id": 3, "title": "amet justo morbi", "rating": 4 }, { "id": 4, "title": "vestibulum ac est", "rating": 2 } ] } }