docs/docs/auth/authorization/permissions/column-presets.mdx
import Thumbnail from '@site/src/components/Thumbnail'; import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';
While this is not strictly a permission configuration, defining role-based column presets for insert and update
operations on any column automatically removes the ability to manually insert or update it for that role.
The respective fields will also be removed from the generated GraphQL schema for that role.
This setup very useful in avoiding sensitive user information being sent in the request and instead leveraging session variables or static data for that information.
<Tabs groupId="user-preference" className="api-tabs"> <TabItem value="console" label="Console">You can define column presets for either insert or update operations in the Hasura Console in Data ->
[table] -> Permissions -> insert / update as follows:
You can define column presets for table columns in the metadata > databases -> [database-name] -> tables -> [table-name].yaml, eg: public_users.yaml:
table:
name: users
schema: public
insert_permissions:
- role: user
permission:
check: {}
set:
id: x-hasura-User-Id
columns:
- id
Apply the Metadata by running:
hasura metadata apply
You can define column presets with either the insert or update permissions Metadata API. Example using a Postgres db:
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin
{
"type": "pg_create_insert_permission",
"args": {
"table": {
"name": "users",
"schema": "public"
},
"role": "user",
"permission": {
"check": {},
"columns": [
"id"
],
"set": {
"id": "x-hasura-user-id"
}
},
"source": "default"
}
}