Anonymous Access
Turn Anonymous Access On and Off
To turn /graphql endpoint anonymous access off
- Go to the Schema section of Dgraph Cloud console.
- Open the Access tab.
- Set
Anonymous Accesstoggle toOnorOff
With Anonymous Access turned off, any client accessing the /graphql endpoint must pass a valid client or admin API Key in DG-Auth or X-Auth-Token header.
With Anonymous Access turned on (Default configuration), you need to further define the permission per type defined in your GraphQL Schema.
Edit GraphQL type operations access permissions
have a button to “Edit Permissions”
When Anonymous Access is on, any newly deployed type will have read and write permissions for anonymous users.
To control the anonymous access to operations :
- Open the Access tab in the Schema section.
- Click on
Edit Permission - For every Type defined in your GraphQL schema, Edit Permissions will show check boxes to enable Anonymous Access to Read and Write.
– Check
Readto allow anonymous clients to access theget<Type>andquery<Type>operations. – CheckWriteto allow anonymous clients to access theadd<Type>,update<Type>, anddelete<Type>operations.
Permission settings only applies to the parent type operations: it is still possible to read/write data of a type that has been set with no read/write permissions if a parent type is granted read/write access to anonymous clients.
Consider the following Schema:
type User {
id: ID
name: String!
posts: [Post] @hasInverse(field: "author")
}
type Post {
id: ID
title: String!
author: User
}
CopyIf the Anonymous Access was granted Read and Write for Post but not granted Read and Write for User, it would be possible still to perform the following operation which creates a new User.
mutation addPost {
addPost(input: [{
title: "New Post Title" @search(by: [hash])
author: { name: "New User Name" } # creates a new User node.
}]) {
numUids
}
}
Copy