ACL implementation

When a client sends a query to the server, where is the place that I can filter for permissions.
I have used Hasura. There I can declare ACL on the tables through an interface. I don’t have to enterprise for this.
How do you implement this?
If using Apollo server, you write resolvers, there you can implement your business logic and permissions.
How do you do it with dgraph, it seems at first as a direct access to db…

ACL is currently an enterprise edition feature, so you would need to get a license or implement your own workaround. For what it’s worth, an ACL can be expressed natively as a graph. Depending on your preferred access structure (role-based, discretionary, mandatory, etc.), you could probably apply some middleware that: 1) parses any given GraphQL± query; 2) applies a transformation that results in all components of the underlying query also being described in their relation to the access control structure for a given user; 3) passes the transformed query to Dgraph; and 4) processes the result to perform any remaining access validation while transforming the result structure back to the shape of the original untransformed query.

This approach would very likely not be as performant as the enterprise feature, but it’s something.

1 Like

The hosted solution will include acl at the free level?

I can’t speak to that as I’m not aware of anything about hosting or tiers. I’ll have to leave it to someone who can, sorry.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.