Permissions: Alternative to X-Hasura-User-Id session variable, such as X-Hasura-Tenant-Id?

[baseer]

I'd like to know if other session variables besides X-Hasura-User-Id can be used when setting permissions. Such as:

I am using JWT and I would like the user to be able to switch to a different tenant. And so instead of relying on their user id to determine what rows they have permissions for, I would like to rely on their tenant id, which would be in the session variable X-Hasura-Tenant-Id.

Is it recommended to use other session variables like X-Hasura-Tenant-Id for permissions?

Also, I am a little confused as to how the comparison operators (such as _eq in the screenshot) would even work for session variables because it is showing "X-Hasura-User-Id" as a string. In other words, what if I wanted the id to actually equal the string literal "X-Hasura-User-Id" as opposed to the session variable X-Hasura-User-Id. Is that even possible? I am not sure how Hasura is able to differentiate between the string "X-Hasura-User-Id" vs the session variable itself.

[m-rgba]

Yes, using other session variables are recommend and encouraged (the x-hasura-user-id which is shown is kind of a quick-add for a commonly used variable).

The second question is a good one about strings vs x-hasura-[...]. Based on the current setup, everything which is prefixed with x-hasura-[...] will first check with session variables to see if they're present (and then default to string I believe). This could be made more clear in the UI.