Hasura User Role Inherited Permissions from Anonymous - graphql

I'm trying to grant access so that users can access all user information about themselves + non-sensitive information about others in the user table.
I thought user would inherit permissions from anonymous user which would give them access to the non-sensitive data of all users. This doesn't seem to be the case.
Is there a simple way to do this?

Figured out to create an SQL view for the private user info and set permissions for those columns. Set the remaining columns as public.

Related

How to grant permission for user in table where the id is his username (row permission read rethinkdb)

Is it possible to grant permission for user in table, but only for a specific row in that table. I have a table named PrivateUserInfo where I store users' emails and nicknames: Granting permissions like that: r.db('dbname').table('PrivateUserInfo').grant('testuser', {read: true}); allows them to read everyone's data. I want to allow them to read only the row where the id is their username. Setting up a web server to handle this type of thing will defeat the purpose. If I am going to create a web server then I wouldn't even use permissions in the first place and just handle the requests with the web app logged in as admin. Which I really want to avoid. This was the main reason I want to use this database.

laravel users with several roles having several permissions

I want to create a RBAC system in laravel where a user can belong to several roles, and each role can have several permissions. The middleware should check if the user has a certain permission (within any of their roles) before it continues with the request.
I am able to implement a case where
A user belongs to one role which has many permissions
A user belongs to several roles which are used to determine access control (without the permissions bit)
I need to implement a user with multiple roles having multiple permissions. Any pointers?
If you are not interested in coding this yourself then a package like Laravel permissions would do exactly what you want.
https://github.com/spatie/laravel-permission
Otherwise you need to create pivot tables between the users and their roles and the roles and their permissions.
So you would have a user_roles table that would consist of user_id and role_id.
You would also have a role_permissions table which would have role_id and permission_id.
This would allow you to have many to many relationship and have many through relationship to get straight from user to role and role to user.
Hope that helps
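The pivot-table layout described in the answer above, as an added example that is not part of the original answer and is not Laravel code. It uses Python's sqlite3 so it runs offline; the user_roles and role_permissions names come from the answer, while the remaining table names, the sample data and the function names are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
-- Pivot tables named as in the answer; composite keys prevent duplicate grants.
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permissions (
    role_id INTEGER NOT NULL REFERENCES roles(id),
    permission_id INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (role_id, permission_id));
"""

# Constructed sample data: alice is editor + moderator, bob is viewer, carol has no role.
SEED = """
INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol');
INSERT INTO roles VALUES (1,'editor'),(2,'moderator'),(3,'viewer');
INSERT INTO permissions VALUES (1,'post.read'),(2,'post.edit'),(3,'comment.delete');
INSERT INTO user_roles VALUES (1,1),(1,2),(2,3);
INSERT INTO role_permissions VALUES (1,1),(1,2),(2,1),(2,3),(3,1);
"""

# Shared join: user -> user_roles -> role_permissions -> permissions.
JOIN = """FROM user_roles ur
          JOIN role_permissions rp ON rp.role_id = ur.role_id
          JOIN permissions p ON p.id = rp.permission_id
          WHERE ur.user_id = ?"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SEED)
    return db

def user_has_permission(db, user_id, permission):
    """True if any role held by the user grants the permission (deny by default)."""
    sql = "SELECT 1 " + JOIN + " AND p.name = ? LIMIT 1"
    return db.execute(sql, (user_id, permission)).fetchone() is not None

def effective_permissions(db, user_id):
    """Union of permissions across all of the user's roles, de-duplicated."""
    sql = "SELECT DISTINCT p.name " + JOIN + " ORDER BY p.name"
    return [row[0] for row in db.execute(sql, (user_id,))]

def require_permission(db, user_id, permission):
    """Middleware-style gate: raise before the request handler would run."""
    if not user_has_permission(db, user_id, permission):
        raise PermissionError(f"user {user_id} lacks {permission}")
```

A user with no roles, or a permission name that does not exist, yields no row from the join, so the gate fails closed.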
As an overview: you need to have a roles table in your database which defines the different types of users your application can have, like (Admin, Author, Editor, Moderator, etc.).
You also need to define a table role_user which contains data on which user has which role. This will be a Many to Many relationship since a user can have multiple roles.
Next you need to define a Middleware CheckRole which basically checks if user has a particular role. You can use this Middleware on different parts of your application to restrict authentication.
You might find this tutorial useful:
https://www.5balloons.info/user-role-based-authentication-and-access-control-in-laravel/

Creating a security role to be able to only create roles and users without having system admin role

CRM 2015: I want to be able to create a role for local IT to be able to add user accounts and assign roles.
Regarding the 'adding roles' portion, is it simple enough just to create a role for local IT to 'write' to 'security' roles in the 'business management' tab of 'security roles' at the user level?
No, this is not that simple. User cannot give another user privilege higher than he has (it would be a serious security hole). So for example you have role to edit Security roles and you have Read access for Accounts in your Business Units. If somebody in your Business unit has no Read access and only User access, you can add him Read access for Business Unit (the same you have), but you will not be able to give him Organizational access (so higher than yours). You could imagine that if this would be possible, you will be able to basically give yourself Admin privilege and do whatever you want in CRM.
Knowing that, it should be possible for you to create a role that for example have full access to Accounts, Contacts, Custom entities etc. and Security Roles. This role would be able to modify other users access levels to Accounts, Contacts etc. but no other entities that they don't have privilege to.
Exactly the same logic applies to assigning the Security Roles. So user A cannot assign a Security Role to user B if it gives user B privileges higher than user A has.
In the end, it is very hard to properly implement the scenario that you described, because there are so many privileges and a user needs to have a lot of them to even use the CRM. I've tried this once but could not satisfy the business requirement - it always ended up with using the System Admin role, because there was always some scenario that could not have been handled by a user with only this "specific" security modification role.
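The "cannot grant more than you hold" rule from the answer above, as an added sketch that is not CRM code and not part of the original answer. The role contents are constructed, only the access levels named in the answer are modelled, and treating several roles as cumulative (deepest level wins) is an assumption of this model.

```python
# Access levels named in the answer, lowest to highest. Simplified model:
# only the levels mentioned on this page are represented.
DEPTH = {"None": 0, "User": 1, "Business Unit": 2, "Organization": 3}

def effective(roles):
    """Merge several roles: for each (entity, action) keep the deepest level."""
    merged = {}
    for role in roles:
        for priv, level in role.items():
            if DEPTH[level] > DEPTH[merged.get(priv, "None")]:
                merged[priv] = level
    return merged

def excess_privileges(granter_roles, role_to_assign):
    """Privileges in role_to_assign that go beyond what the granter holds."""
    held = effective(granter_roles)
    return sorted(
        priv for priv, level in role_to_assign.items()
        if DEPTH[level] > DEPTH[held.get(priv, "None")]
    )

def can_assign(granter_roles, role_to_assign):
    """Allow the assignment only if it grants nothing above the granter's level."""
    return not excess_privileges(granter_roles, role_to_assign)

# Constructed roles for illustration (hypothetical names and contents).
LOCAL_IT = {
    ("Account", "Read"): "Business Unit",
    ("Security Role", "Write"): "Business Unit",
}
BU_READER = {("Account", "Read"): "Business Unit"}
ORG_READER = {("Account", "Read"): "Organization"}
SALES = {("Account", "Read"): "User", ("Opportunity", "Read"): "User"}
```

With these constructed roles, LOCAL_IT can hand out BU_READER but not ORG_READER, and not SALES either, because SALES contains an Opportunity privilege that LOCAL_IT does not hold at all; that is the effect the answer describes when it says the role always ended up needing more privileges.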
Assigning 'System Administrator' security role and changing Access Mode in user record to 'Administrative' helped me to achieve this. User still cannot access any transaction data. So, I think you can go for this approach.

How to set correct roles for login users

I am trying to set roles with parse.com.
My aim is to set a role to get all the data only for logged-in users.
Can you please provide, step by step, how it should be done with parse.com?
I tried to play with it and read the tutorial, but I am always getting access to the data even if I am not logged in.
Thanks for helping!
When you create your data object you should be adding an ACL to it, created with the current user and limiting read and write to that user. This is done before you save the data object. You don't need to use a role. A role would be used where you had a group of users who all needed access, then you would add the users to the role and create the ACL for the role instead of a user.

Is the dba_transformations dictionary view only accessible when you log in AS SYSDBA?

I'm trying to query the data dictionary to find information on the transformations in the database. I've given my user DBA privileges, so I can access the DBA_ dictionary views. With this user, I can access all the DBA_ views without issues, however it seems I can only access DBA_TRANSFORMATIONS when logged in AS SYSDBA. Am I missing a special privilege to access this view?
DBA_TRANSFORMATIONS does not have a public synonym by default.
Try this:
select *
from sys.DBA_TRANSFORMATIONS;
