Hasura Roles
Three Initial Roles
A0s requested in this document, there are currently three roles implemented in production:
moped-adminThis role can create amoped-editoras well as read-write access to any part of the database. No deletions are permitted, aggregations are not allowed either.moped-editorThis role has read-write access to any part of the database. No deletions are permitted, aggregations are not allowed either.moped-viewerThis role has read-only access to any part of the database.
How are these roles implemented?
The rules are implemented through a Hasura metadata migration. First, the local hasura cluster is started, then the console. While the console is open, the permissions are changed, then the console will make changes to the metadata file.
How can these roles be changed?
First, create a new branch in git. Then, start the cluster (locally), and open the hasura console. Once the console is open, go to any table you need to make changes to, then change the permission settings for the specific role you need to change.
Once you make changes, the console will directly make changes to the metadata file, which is tracked by git, meaning that git will show differences in the code which you can commit and push to your branch, those changes made to your PR can be tested by someone else without affecting staging and prod, and once approved the branch will be merged to staging (or production) and the migration will be applied automatically by GitHub actions.
Last updated