While GraphQL mentions security should be delegated to underlying business logic, the nature of GraphQL lends itself very well to security.
In GraphQL the Query can have a resolve method, and each field can have a resolve method as well. In a way we are traversing the graph, if we provide resolvers for each query and all fields of their results.
Now "Attribute Based Access Control" is gaining popularity with its ways to define security policy across
One way "Attribute Based Access Control" is implemented is that it modifies the query being fired to only fetch eligible data. This could be done by a wrapper resolver.
The second way "Attribute Based Access Control" can be implemented in GraphQL is to use field level resolvers to decide whether to expose that field or not.
The question I have to the community is: what are the various ways to implement "Attribute Based Access Control" in GraphQL, especially leveraging the strengths of GraphQL?
Cheers, Rohit
There are 2 ways ABAC could be used to secure data - be it GraphQL; SQL; HQL... - like you say:
'SELECT a, b, c FROM t' and converts it into 'SELECT a, b, c FROM t WHERE...' Axiomatics does that with its Data Access Filter. The benefit of 1. is that it is unintrusive. It sits in front of the data source and could in principle work for several types of data sources e.g. SQL, GraphQL... The benefit of 2. is that you do not need the proxy component and the configuration is native to the target system.
In any case, yes Graph databases lend themselves really well to ABAC because of the relationship between the different entities. In a way, relational databases have that too but perhaps not as obvious.
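The two approaches discussed in the question and the reply (narrowing the data fetch to eligible records, versus deciding per field whether to expose a value) side by side, as an added example that is not code from the original thread or from Axiomatics. It is plain Node.js with no GraphQL library: a small resolver-map executor stands in for graphql-js field resolution, the policy rules are constructed predicates in place of a real policy language, and the employee records, policy names (`employee:read`, `employee.salary:read`) and the `withAccessFilter` / `guardedField` helpers are all assumptions made for the illustration.

```javascript
// Added example: ABAC in a GraphQL-style resolver tree, two ways.
// No GraphQL dependency; the executor at the bottom mimics field resolution.

// Constructed sample data (not from the thread).
const RECORDS = [
  { id: 1, owner: 'alice', department: 'eng', salary: 120000, title: 'Engineer' },
  { id: 2, owner: 'bob',   department: 'eng', salary: 95000,  title: 'Engineer' },
  { id: 3, owner: 'carol', department: 'hr',  salary: 80000,  title: 'Recruiter' },
];

// Policy decision point (PDP). Each rule evaluates subject and resource
// attributes. Real deployments would express these in a policy language
// (e.g. XACML); plain predicates are a hypothetical simplification.
const POLICIES = {
  // May the subject see this record at all? Used for query-level filtering.
  'employee:read': ({ subject, resource }) =>
    subject.role === 'admin' || subject.department === resource.department,
  // May the subject see the salary field of this record?
  'employee.salary:read': ({ subject, resource }) =>
    subject.role === 'admin' || subject.id === resource.owner,
};

// Deny by default: an unknown action or a rule that does not return
// exactly `true` is a deny.
function isPermitted(action, ctx) {
  const rule = POLICIES[action];
  return typeof rule === 'function' && rule(ctx) === true;
}

// Approach 1: wrapper resolver. The underlying resolver fetches rows; the
// wrapper keeps only the rows the subject is eligible to see. This is the
// resolver-side analogue of rewriting SELECT ... into SELECT ... WHERE ...
function withAccessFilter(action, resolve) {
  return (parent, args, context) => {
    const rows = resolve(parent, args, context);
    return rows.filter((resource) =>
      isPermitted(action, { subject: context.user, resource }));
  };
}

// Approach 2: field-level resolver. The parent object is already in hand;
// the resolver decides whether to expose this one field (null when denied).
function guardedField(action, fieldName) {
  return (parent, args, context) =>
    isPermitted(action, { subject: context.user, resource: parent })
      ? parent[fieldName]
      : null;
}

// Resolver map in the shape graphql-js accepts (Type -> field -> resolver).
const resolvers = {
  Query: {
    employees: withAccessFilter('employee:read', () => RECORDS),
  },
  Employee: {
    id:         (p) => p.id,
    owner:      (p) => p.owner,
    department: (p) => p.department,
    title:      (p) => p.title,
    salary:     guardedField('employee.salary:read', 'salary'),
  },
};

// Minimal executor standing in for the GraphQL engine: `selection` is the
// list of Employee fields requested, `user` carries the subject attributes.
function executeEmployees(selection, user) {
  const context = { user };
  const rows = resolvers.Query.employees(null, {}, context);
  return rows.map((row) => {
    const out = {};
    for (const field of selection) {
      const resolve = resolvers.Employee[field];
      if (!resolve) throw new Error(`Unknown field: ${field}`);
      out[field] = resolve(row, {}, context);
    }
    return out;
  });
}

// Usage: bob (eng, non-admin) sees only eng rows and only his own salary.
const bobView = executeEmployees(['id', 'owner', 'salary'],
  { id: 'bob', role: 'user', department: 'eng' });
console.log(JSON.stringify(bobView));

module.exports = { isPermitted, withAccessFilter, guardedField, executeEmployees };
```

The query-level filter removes whole records before any field resolver runs, so a denied record never reaches the client at all; the field-level guard is the right tool when the record itself is visible but one attribute (here the salary) is sensitive. Combining both, as above, keeps the filter unintrusive at the top of the tree and the per-field decision close to the data it protects.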