Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Inigo Docs

Tutorial: How to set up access control using @access directive

Prerequisites:

  1. Create valid access role that later will be extended with the use of @access directive:
    query {
 films {
     director
     title
 }
}
  2. Add definition of @access directive to your service schema:
    directive @access(
 role: [String] = ["allowed role"]
 depth: Int
) on FIELD_DEFINITION
  3. Assign @access directive for the field to which you want to grant access:
    type Query {
 ...
 planets: [Planet!]! @access(role:["superuser"])
}
  4. Finally, add configuration schema to your service config: ```service.yml kind: Service spec: … schema_files:
    • ../../go/starwars/graphql/schema.graphql ```
  5. After applying service config the of resulting access role will look like this: superuser : query { films { director title } planets { * } }

Important notes:

  • A valid role has to be created before using it with @access directive
  • Use depth parameter for the directive @access to restrict access to a certain depth. If depth parameter is omitted then the access will be provided for the whole depth of underlying query.
  • After updating service schema always re-apply your service config for changes to take place.