re: Modelling teams and user security with Hasura


Hi Gordon,

I was looking at Hasura's permission system from the other way around before I read your great post: leveraging "default role", "allowed roles" and the "current" (per-request) role. I'd have managed composite roles in e.g. Keycloak and used a custom auth hook to build the custom token for Hasura, but then I would need to alter the "current" role for each request. This would force me to use http(s) instead of ws(s) until this one is closed:


This would also look odd in the Hasura Console, which lists ALL roles for ALL tables, and would make managing permissions a lot messier.

Your solution looks more maintainable. Your post being almost 1 year old, do you have any advice for newcomers going down this road?

Thanks for the great article.
