4

Basics - I need to return data from columns based on some variables from a different table(I either return column or null if access is not allowed)

I have already done what I need via a custom function in postgres, but the problem is that in Hasura functions share the permission with the table/view it implements SETOF on.
So I have to allow the access to the table itself and as the result permissions in my function are kind of meaningless, because anyone will be able to access the data simply by querying the original table directly.

My current line of thinking is that the only way to do what I need is to create a remote schema and remove access to the original table.

But maybe there is a way to not expose some of the tables as a graphql query? If I could do something like this - I'd just hide my table and expose only a function.

Paolo
  • 20,112
  • 21
  • 72
  • 113
Davinel
  • 940
  • 4
  • 10
  • 20
  • You can create a view that combines the table you want to give access to and the other table. Using this view you can set permissions. – Friedrich Apr 05 '22 at 15:51

1 Answers1

0

The remote schema seems like it would work.

Another option would be the allow-queries option.

It's possible to limit queries. It's a bit tricky it seems, you need an exact copy of every query that should be allowed (with the fields in the exactly correct order), but if you do that, then only your explicitly whitelisted queries will be accepted. More info in the docs.

I'm not familiar enough with postgres permissions to offer any better ideas...

chmac
  • 11,757
  • 3
  • 32
  • 36