Does Hasura generate Role-based introspection?

Question

I want to build an admin tool based on a Hasura backend. Different users will have different level of access based on roles.

Will I be able to do introspection per role and therefore know which fields (from queries) and buttons (for mutations) to show?

Welcome to StackOverflow! What exactly do you mean by "introspection per role"? Is that graphql introspection? If that's so then yes: graphql introspection depends per user role. Users of 'admin' and 'default' roles will see different schemas. And if you activate Allowed List - then introspection will be prohibited if introspection query will not be in Allowed List. — Alex Yu, Aug 04 '21 at 00:27
Good. Check an extended answer - maybe you'll see something useful for you. — Alex Yu, Sep 04 '21 at 05:58

score 1 · Accepted Answer · answered Sep 04 '21 at 05:57

After clarification from OP it became possible to answer this question.

Yes. Hasura generates different schema for different roles.

How to check them?

A. Permissions summary

Go in hasura console to https://[hasura address]/console/data/schema/public/permissions

You will see something similar to:

Note here:

admin role has access to all registered objects and all fields
other roles have access to different sets of objects and different set of fields with different row security checks.

Go to: https://[your hasura]/console/api-explorer.

Set x-hasura-role in Request Headers:

Try to do queries and mutations.

You'll see that sets of objects and fields are different for different roles.

If you activated Allowed List (which is recommended for production) (and if graphql inspection query is not in your Allowed List )

then graphql inspection will be disabled for all roles except admin: