Role based bypassing of allowlists #8220

gradisarjoze · 2022-02-22T14:35:08Z

gradisarjoze
Feb 22, 2022

It would be nice to have a feature where certain roles would be able to bypass the allowlists. Just like it works for the admin role.

Example use:

Customer facing app would have allowlists enabled for customer roles, as graphql operations are defined within the app and it's easy to generate those allowlists.
Administrator app would have allowlists disabled for administrator roles, as in somecases (React Admin), you are not able to extract all possible operations.

An example we are looking at is React Admin with ra-data-hasura package.
Admin needs to do an Introspection Query in order to work. After that, querying across tables works out of the box if allowlists are disabled. Once you enable allowlists, queries on such dashboard will not work as they are not defined anywhere and work on the fly.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Role based bypassing of allowlists #8220

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Role based bypassing of allowlists #8220

Uh oh!

gradisarjoze Feb 22, 2022

Replies: 0 comments

gradisarjoze
Feb 22, 2022