
Does Hasura generate Role-based introspection?


I want to build an admin tool based on a Hasura backend. Different users will have different levels of access based on roles.

Will I be able to do introspection per role and therefore know which fields (from queries) and buttons (for mutations) to show?


Solution

  • After clarification from OP it became possible to answer this question.

    Yes. Hasura generates different schemas for different roles.

    How to check them?

    A. Permissions summary

    In the Hasura console, go to https://[hasura address]/console/data/schema/public/permissions

    You will see something similar to:

    [Screenshot: permissions summary]

    Note here:

    • admin role has access to all registered objects and all fields
    • other roles have access to different sets of objects and different sets of fields with different row security checks.

    B. Hasura API Explorer

    Go to: https://[your hasura]/console/api-explorer.

    Set x-hasura-role in Request Headers:

    [Screenshot: Request Headers]

    Try to do queries and mutations.

    You'll see that sets of objects and fields are different for different roles.

    C. Allowed List

    If you activated the Allowed List (which is recommended for production), and the GraphQL inspection query is not in your Allowed List, then GraphQL inspection will be disabled for all roles except admin:

    [Screenshot: introspection query]

    For those who are interested in enabling the introspection query, check https://github.com/hasura/graphql-engine/blob/master/server/src-rsr/introspection.json
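The per-role check from section B can be scripted; the following is an added example, not part of the original answer and not Hasura's own code. It assumes the caller holds the admin secret (so `x-hasura-role` can select any role), and the names `build_request`, `capabilities` and `only_in` as well as both sample responses are constructed for illustration.

```python
import json
import urllib.request

QUERY = """{ __schema { queryType { name } mutationType { name }
  types { name kind fields { name } } } }"""

def build_request(endpoint, role, admin_secret):
    """Build an introspection request that runs as `role` via x-hasura-role."""
    headers = {"Content-Type": "application/json",
               "x-hasura-admin-secret": admin_secret,
               "x-hasura-role": role}
    body = json.dumps({"query": QUERY}).encode()
    # POST because data is set; send with urllib.request.urlopen(req).
    return urllib.request.Request(endpoint, data=body, headers=headers)

def capabilities(response):
    """Return {'queries', 'mutations', 'types'} from one role's introspection result."""
    if response.get("errors"):  # e.g. query refused because it is not in the allow list
        raise PermissionError(response["errors"][0].get("message", "introspection refused"))
    schema = response["data"]["__schema"]
    objects = {t["name"]: {f["name"] for f in t["fields"] or []}
               for t in schema["types"]
               if t["kind"] == "OBJECT" and not t["name"].startswith("__")}
    roots = {k: (schema.get(k) or {}).get("name") for k in ("queryType", "mutationType")}
    return {"queries": objects.pop(roots["queryType"], set()),
            "mutations": objects.pop(roots["mutationType"], set()),  # empty if role has none
            "types": objects}

def only_in(a, b):
    """Fields role `a` can see that role `b` cannot, per object type."""
    diff = {name: fields - b["types"].get(name, set()) for name, fields in a["types"].items()}
    return {name: fields for name, fields in diff.items() if fields}

# Constructed sample responses (not captured from a real server).
ADMIN = {"data": {"__schema": {
    "queryType": {"name": "query_root"}, "mutationType": {"name": "mutation_root"},
    "types": [
        {"name": "query_root", "kind": "OBJECT", "fields": [{"name": "users"}, {"name": "invoices"}]},
        {"name": "mutation_root", "kind": "OBJECT", "fields": [{"name": "delete_users"}]},
        {"name": "users", "kind": "OBJECT",
         "fields": [{"name": "id"}, {"name": "email"}, {"name": "password_hash"}]},
        {"name": "invoices", "kind": "OBJECT", "fields": [{"name": "id"}, {"name": "total"}]},
        {"name": "Int", "kind": "SCALAR", "fields": None}]}}}
USER = {"data": {"__schema": {
    "queryType": {"name": "query_root"}, "mutationType": None,
    "types": [
        {"name": "query_root", "kind": "OBJECT", "fields": [{"name": "users"}]},
        {"name": "users", "kind": "OBJECT", "fields": [{"name": "id"}, {"name": "email"}]}]}}}
```

An admin tool can render buttons from `capabilities(...)["mutations"]` and columns from `["types"]`; running `only_in` between two roles is also a quick review that a restricted role does not expose fields it should not.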