How to create Scope Based Permissions

Having gone through Resource Based Permissions, let’s move on to Scope Based Permissions.

Scope Based Permissions define the scope of access to the data. The scope can either be limited to retrieving the data, or it can be extended to updating or deleting the data.

Scope Based Permissions work with API functions or methods such as get, find, upsert, delete, link and unlink. They are applied to all the resources automatically, so there is no need to specify the resource id when creating an AccessRight.

We will stick to the example from the last post. For the Library App, access rights can also be created using Scope Based Permissions (SBP), because we are applying permissions to all the resources, that is, all Book objects.

Here is the example for creating Scope Based Permissions.

mutation {
  upsert(
    values: {
      AccessRight: [
        {
          resourceType: "Book"
          operationType: "Query"
          operation: "get"
          permissionType: SBP
          approved: true
          members: { hypi: { id: "*" } }
        }
        {
          resourceType: "Book"
          operationType: "Query"
          operation: "find"
          permissionType: SBP
          approved: true
          members: { hypi: { id: "*" } }
        }
      ]
    }
  ) {
    id
  }
}
#result
{
  "data": {
    "upsert": [
      {
        "id": "01G1X3SFA4RES3A2YSHMYJ697Q"
      },
      {
        "id": "01G1X3SFA51CC2R7TK2GRDJH1B"
      }
    ]
  }
}

This means that all users can find or get data from the Book objects.

Please remember that only the system admin can create SBPs. The system admin is the one who created the Hypi App instance.

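Because members: { hypi: { id: "*" } } grants an operation to every user, it is worth checking which operations carry that wildcard before granting more than get and find. The following is an added example, not code from the original post or from Hypi: it audits AccessRight records shaped like the values in the mutation above. The function names, the sample records beyond the two from the post, and the grouping of upsert, delete, link and unlink as data-modifying operations are assumptions.

```python
# Added example: flag Scope Based Permissions that are granted to all users.
# Records mirror the AccessRight fields used in the post's mutation.

READ_OPS = {"get", "find"}
# Assumption: these four operations from the post's list modify data.
WRITE_OPS = {"upsert", "delete", "link", "unlink"}


def is_wildcard(right):
    """True when the grant names every user, i.e. members.hypi.id == "*"."""
    hypi = (right.get("members") or {}).get("hypi") or {}
    entries = hypi if isinstance(hypi, list) else [hypi]
    return any(isinstance(e, dict) and e.get("id") == "*" for e in entries)


def audit(rights):
    """Return sorted (level, resourceType, operation, approved) tuples
    for every SBP record whose members include the "*" wildcard."""
    findings = []
    for r in rights:
        if r.get("permissionType") != "SBP" or not is_wildcard(r):
            continue
        op = r.get("operation")
        if op in WRITE_OPS:
            level = "REVIEW"    # every user may change data
        elif op in READ_OPS:
            level = "INFO"      # every user may read data
        else:
            level = "UNKNOWN"   # operation not in the post's list
        findings.append((level, r.get("resourceType"), op, bool(r.get("approved"))))
    return sorted(findings)


def sbp(op, member_id, approved=True, op_type="Query"):
    """Build one constructed AccessRight record for the Book type."""
    return {"resourceType": "Book", "operationType": op_type, "operation": op,
            "permissionType": "SBP", "approved": approved,
            "members": {"hypi": {"id": member_id}}}


# Constructed sample: the two records from the post plus three hypothetical ones.
SAMPLE = [
    sbp("get", "*"),
    sbp("find", "*"),
    sbp("delete", "*", op_type="Mutation"),               # hypothetical
    sbp("upsert", "example-user-id", op_type="Mutation"),  # hypothetical, one user
    {"resourceType": "Book", "operation": "link", "permissionType": "SBP"},  # no members
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```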