Learn how to use GraphQL Authorization with Mutations to protect your data and control access in Dgraph.
add
authorization state that the rule must hold of nodes created by
the mutation data once committed to the database.
For example, a rule such as the following:
add
rule, in this case saying that you can only add to-do list
items with yourself as the author.
delete
rules allow.
For example, the following rule states that a user can delete a to-do list item
if they own it, or they have the ADMIN
role:
owner
. If evaluated in the database after the mutation occurs, like for add
rules, it would prevent setting the owner
to another user, but would not
prevent editing other’s posts.
Currently, Dgraph evaluates update
rules before the mutation.