Create roles in raw SQL

[ghost]

I started off with a free tier cloud account. I did try to add roles, in the Hasura backend, by entering raw SQL. I found myself having errors. While adding roles under the tab permissions, it worked smooth. Is it true you use a different system than the normal roles used in PostgreSQL? If so where can i find these roles by using SQL?

What is the expected behaviour?
That roles added in the backend end up in a query like this:

SELECT *
FROM pg_catalog.pg_roles;

Or

SELECT *
FROM pg_catalog.pg_user;

Any possible solutions/workarounds you're aware of?
No

Keywords
Roles, SQL

[meetzaveri]

Hey @rodezee

Re: Is it true you use a different system than the normal roles used in PostgreSQL?

Yes. You might be expecting that Postgres row security polices should mutually work with Hasura. But let me clarify, that Hasura has their own row security polices, and they enforce rules in generated SQL when you perform a query/mutation via Hasura.

We maintain permissions for each db object (tables/functions) in metadata. So you may find roles in metadata rather than querying via SQL against any table.

Note: Hasura’s permissions are only enforced when querying the database via Hasura itself. If you tried to implement roles on your own in the Postgres, then you would not be able to access or see them in Hasura permissions instead those can be only be in effect when accessing database via third party client (other than Hasura).

We do need to clarify this in docs as well, but here I am already informing you verbally in this discussion.

Re: If so where can i find these roles by using SQL?
As I mentioned, those cannot be accessed via some SQL query.

If you prefer not to interact with console to manage permissions, then we have metadata APIs through which you can manage permissions for SELECT/UPDATE/INSERT/DELETE operations on specific table(s) or function(s). For reference - pg_create_select_permission, pg_create_function_permission etc.

I hope this answers your questions/doubts.

[ghost]

Thank you for response. This makes sense now. I'll probably find my way with links you gave me. Good luck with this awesome project.