docs/docs/auth/authorization/permissions/row-fetch-limit.mdx
import Thumbnail from '@site/src/components/Thumbnail'; import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';
Limit the number of rows returned in a response on select operations.
You can set a row fetch limit on the Hasura Console in Data -> [table] -> Permissions -> select -> Row select permissions -> Limit number of rows as per the image below:
<Thumbnail src="/img/auth/authorization_row-fetch-limit_2-16-1.png" alt="Row fetch limit" width="450px" />
</TabItem> <TabItem value="cli" label="CLI">You can set a row fetch limit for a table in the metadata -> databases -> [database-name] -> tables -> [table-name].yaml file, eg:
- table:
schema: public
name: users
select_permissions:
- role: user
permission:
columns:
- id
- name
filter:
user_id:
_eq: X-Hasura-User-Id
limit: 1
Apply the Metadata by running:
hasura metadata apply
You can set a row fetch limit for a table when using the permissions Metadata API. Example using a Postgres db:
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "pg_create_select_permission",
"args": {
"source": "<db_name>",
"table": "users",
"role": "user",
"permission": {
"columns": "*",
"filter": {
"id": {
"_eq": "X-Hasura-User-Id"
}
},
"limit": 1
}
}
}
In the above example, this configuration restricts the number of accessible rows (based on the row permission:
{"id":{"_eq":"X-Hasura-User-Id"}}) to 1.
Setting row fetch limits is useful for preventing abuse of your API especially if it is exposed to the public. You can also configure other limits.