The purpose of this article is to provide an overview of the authorization mechanism in Graphweaver and explain how to configure it for row-level security (RLS) and column-level security (CLS).
We will discuss user roles, the Authorization Context, ACLs, and how to secure custom queries and mutations.
Let’s start with how Graphweaver uses RBAC.
Role-Based Access Control (RBAC) is a common approach to implementing access control based on user roles.
RBAC allows you to define permissions and access rights at a role level and assign those roles to users. In Graphweaver, RBAC can be implemented using access control lists (ACLs) and hooks.
ACLs define the permissions for different roles on specific resources or operations. You can specify the access rules for different roles using the ACL syntax.
Here's an example of how RBAC can be implemented using an ACL:
    const acl: AccessControlList<Task, Context> = {
        ADMIN: {
            // Admins have full access to all tasks
            all: true,
        },
        USER: {
            // Users can only perform operations on their own tasks
            all: (context) => ({ user: { id: context.user.id } }),
        },
        MODERATOR: {
            // Moderators have additional permissions
            // For example, they can read all tasks but cannot create or update them
            read: true,
        },
    };
In the above example, the ACL specifies the access rules for the Task entity based on different roles.
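To make the three rule kinds concrete (a boolean grant, an operation-specific grant, and a function that returns a row filter), here is an added example that is not Graphweaver's own code: a small, hypothetical evaluator with locally defined types that mirror the ACL shape above, resolving a role and operation into deny, unrestricted access, or a row-level filter, and applying that filter to constructed sample tasks.

```typescript
// Added example, not Graphweaver's implementation: local types that mirror the
// ACL shape used in the article, plus a hypothetical evaluator for it.
type Operation = 'read' | 'create' | 'update' | 'delete';
type Filter = Record<string, unknown>;
type Rule<C> = boolean | ((context: C) => Filter);
type AclEntry<C> = Partial<Record<Operation | 'all', Rule<C>>>;
type Acl<C> = Record<string, AclEntry<C>>;

interface Context {
  user: { id: string; role: string };
}

// The Task ACL from the article, expressed against the local types.
const taskAcl: Acl<Context> = {
  ADMIN: { all: true },
  USER: { all: (context) => ({ user: { id: context.user.id } }) },
  MODERATOR: { read: true },
};

type Decision =
  | { allowed: false }
  | { allowed: true; filter: Filter | null }; // null means unrestricted

// Resolve a request: denied, unrestricted, or restricted to rows that match
// the filter the rule returns (row-level security). Unknown roles and
// missing rules are denied, so the default is deny rather than allow.
function authorize<C>(acl: Acl<C>, role: string, op: Operation, context: C): Decision {
  const entry = acl[role];
  if (!entry) return { allowed: false };
  const rule = entry[op] ?? entry.all; // operation-specific rule wins over `all`
  if (rule === undefined || rule === false) return { allowed: false };
  if (rule === true) return { allowed: true, filter: null };
  return { allowed: true, filter: rule(context) };
}

// Apply the decision to an in-memory list the way a resolver would apply it
// to a query: a filter narrows the rows, a denial returns nothing.
function visibleTasks<T extends { user: { id: string } }>(tasks: T[], decision: Decision): T[] {
  if (!decision.allowed) return [];
  if (decision.filter === null) return tasks;
  const ownerId = (decision.filter.user as { id: string }).id;
  return tasks.filter((task) => task.user.id === ownerId);
}

// Constructed sample data for a stand-alone run.
const sampleTasks = [
  { id: 't1', user: { id: 'u1' } },
  { id: 't2', user: { id: 'u2' } },
];
const userContext: Context = { user: { id: 'u1', role: 'USER' } };
console.log(visibleTasks(sampleTasks, authorize(taskAcl, 'USER', 'read', userContext)));
```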