Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

when permissions are missing for column: return null values instead of dropping the column

See original GitHub issue

In our app there are different roles. For the first time now I am encountering the situation that one role needs to not access the data of a few columns in a table.

So I removed the permission for the column lokalname in the console to test this.

But then every query that tries to access the column returns this error:

{
  "errors": [
    {
      "extensions": {
        "path": "$.selectionSet.herkunft.selectionSet.lokalname",
        "code": "validation-failed"
      },
      "message": "field \"lokalname\" not found in type: 'herkunft'"
    }
  ]
}

This is hard to solve. We use subscriptions. And store the data locally, as this app is offline capable. The thing that breaks first are the subscriptions. But it is also pretty hard to solve the case of data structure changing in the local store, depending on the role the user has.

This is why the behavior we would like to see is: The api returns the exact same data structure, no matter what columns the user is allowed to access. But columns that the user is not allowed to access contain only null values.

Is this achievable?

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:2
  • Comments:11 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
tirumaraiselvancommented, Mar 1, 2021

This will be possible with our inherited roles feature. You can simply create a dummy role which gives access to all columns but no rows (by setting an always false condition). Then you can add this dummy role to your actual role to create a new inherited role (say, role_with_all_cols).

Preview here: https://github.com/hasura/graphql-engine/pull/6396

0reactions
Tomas1337commented, Jul 5, 2022

@tirumaraiselvan in your example above How would one setup the configuration if I wanted user to access all the fields (id, name, email) but have guest only access the columns name and id while returning NULL for email?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Return NULL instead of permission was denied on the column ...
I would like to have single query that returns data from the table. If the user has permission, it should return the data...
Read more >
B.3.4.3 Problems with NULL Values - MySQL :: Developer Zone
To search for column values that are NULL , you cannot use an expr = NULL test. The following statement returns no rows,...
Read more >
Pandas dropna() - Drop Null/NA Values from DataFrame
By default, this function returns a new DataFrame and the source DataFrame ... If 'all', drop the row/column if all the values are...
Read more >
How to SELECT Records With No NULL Values in MySQL
Use the MySQL engine to only grab records that you desire while excluding those with pesky NULL columns with the IS NOT NULL...
Read more >
Known issues for AWS Lake Formation
AWS Lake Formation column-level permissions can be used to restrict access to ... then delete a column from the schema, queries could return...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Create computed field that returns single row

Next page

MacBook M1: crash in QEMU