Anonymous Access
Turn Anonymous Access On and Off
To turn anonymous access to the /graphql endpoint off:
- Go to the Schema section of Dgraph Cloud console.
- Open the Access tab.
- Set the Anonymous Access toggle to On or Off.
With Anonymous Access turned off, any client accessing the /graphql endpoint must pass a valid client or admin API Key in the DG-Auth or X-Auth-Token header.
With Anonymous Access turned on (default configuration), you need to further define the permissions per type defined in your GraphQL schema.
Edit GraphQL type operations access permissions
When Anonymous Access is on, any newly deployed type will have read and write permissions for anonymous users.
To control anonymous access to operations:
- Open the Access tab in the Schema section.
- Click on Edit Permission.
- For every Type defined in your GraphQL schema, Edit Permissions will show check boxes to enable Anonymous Access to Read and Write.
  – Check Read to allow anonymous clients to access the get<Type> and query<Type> operations.
  – Check Write to allow anonymous clients to access the add<Type>, update<Type>, and delete<Type> operations.
Permission settings apply only to the parent type operations: it is still possible to read/write data of a type that has been set with no read/write permissions if a parent type is granted read/write access to anonymous clients.
Consider the following Schema:
    type User {
      id: ID
      name: String!
      posts: [Post] @hasInverse(field: "author")
    }
    type Post {
      id: ID
      title: String!
      author: User
    }
If Anonymous Access was granted Read and Write for Post but not granted Read and Write for User, it would still be possible to perform the following operation, which creates a new User.
    mutation addPost {
      addPost(input: [{
        title: "New Post Title"
        author: { name: "New User Name" } # creates a new User node.
      }]) {
        numUids
      }
    }
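The parent-type caveat above can be checked before a schema is deployed. The following is an added example, not part of the Dgraph documentation or tooling: it reads a schema and a per-type permission map and reports every type that is denied anonymous Read or Write yet reachable through a field of a type that is granted it. The function names and the permission map format are hypothetical, and following references across more than one hop is an assumption that goes beyond the single case shown on this page.

```python
import re
from collections import deque

# Constructed sample: this page's schema and the permissions it describes.
SCHEMA = '''
type User {
  id: ID
  name: String!
  posts: [Post] @hasInverse(field: "author")
}
type Post {
  id: ID
  title: String!
  author: User
}
'''
# Hypothetical permission map (not a Dgraph export format).
ANON = {"Post": {"read": True, "write": True},
        "User": {"read": False, "write": False}}

def type_edges(sdl):
    """Map each object type to the object types its fields reference."""
    bodies = dict(re.findall(r"\btype\s+(\w+)[^{]*\{([^}]*)\}", sdl))
    return {name: {r for r in re.findall(r"^\s*\w+\s*:\s*\[?\s*(\w+)", body, re.M)
                   if r in bodies}
            for name, body in bodies.items()}

def indirect_exposure(sdl, perms):
    """Return {(type, op): path} for types denied op but reachable from a granted type."""
    edges, found = type_edges(sdl), {}
    for op in ("read", "write"):
        # Types missing from perms count as granted, matching the default for new types.
        granted = [t for t in edges if perms.get(t, {}).get(op, True)]
        queue, seen = deque([t] for t in granted), set(granted)
        while queue:
            path = queue.popleft()
            for nxt in sorted(edges[path[-1]]):
                if nxt not in seen:  # not granted directly, yet reachable
                    seen.add(nxt)
                    found[(nxt, op)] = path + [nxt]
                    queue.append(path + [nxt])
    return found

if __name__ == "__main__":
    for (t, op), path in sorted(indirect_exposure(SCHEMA, ANON).items()):
        print(f"{t}: anonymous {op} reachable via {' -> '.join(path)}")
```

An empty result means no type's restriction is bypassed through a parent; any reported path names the parent type whose permission would have to be tightened.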