Permissions are described using different parameters.
The operation of a permission describes what types of requests it is evaluated for. CRUD operations as derived from a type as well as operations for relations are available:
Nested mutations, are broken down into multiple isolated operations. A nested mutation might need to pass a
Create Typeand multiple
Update Relationpermissions for instance.
For most type operations, it's of interest which fields the permission governs while relation permissions can affect connecting, disconnecting or both operations.
To apply a permission to future fields as well, choose
apply to whole typewhen creating a permission.
The audience of a permission describes how the permission relates to the authenticated state of a request. A permission can either be open to
EVERYONE or only to
Was this page helpful?