I'm new to Hasura & I'm exploring Permissions feature that comes with Hasura for authorization. We have a table named "devices" which contains device information like name, IP address, etc. We have configured couple of additional roles named "manager" & "user" along with default role that comes with Hasura i.e. "admin". When it comes to our web app, there are couple of pages (i.e. /request/device & /devices) which deals with "devices" table.
- Now, when I access "request/device" page as a person with "user" role, I should be allowed to see 'ALL' the devices (only "name" column from the table) so that I can request for one.
- Whereas, when I try to access "/devices" page as a person with "user" role, I should be allowed to see 'ONLY' the devices that I have access to (all the fields from the table)
Is it possible to achieve this using permissions feature provided by Hasura? If so, could you please shed some light here?
PS: I was thinking to create couple of views of top of "devices" table in DB (one for each page) and grant permissions accordingly, but I'm not completely satisfied with the design :/
Thank you in advance!