search

hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
https://hasura.io
Apache License 2.0
31.08k stars 2.76k forks source link

(Remote Schema) Introspection descriptions only available for admin role #9407

Open nic-miller1 opened 1 year ago

nic-miller1 commented 1 year ago

Version Information

Server Version:v2.17.0-cloud.1 CLI Version (for CLI related issue):

Environment

Cloud

What is the current behaviour?

When viewing Docs, or running introspections queries with a role that is not admin, I am unable to see the description for queries, mutations, types, etc.

What is the expected behaviour?

I would like to be able to see the description within the schema introspection as a role other than admin

How to reproduce the issue?

  1. Run following query in against a hasura cloud instance with a role other than admin: { __schema { types { name description } } }

Screenshots or Screencast

introspection_query

Keywords

introspection admin

adas98012 commented 1 year ago

@gearheadSBC350

Please check your security settings in Console if the "Schema Introspection" is disabled for the non-admin user.

Here is the Document link.

nic-miller1 commented 1 year ago

image

The role in question does have Schema Introspection enabled. The role can introspect the schema, and see the schema structure but is missing the description.

ecthiender commented 1 year ago

Hi @gearheadSBC350 can you share a screenshot with the admin role's introspection result?

I just tested with admin role in my cloud project (v2.17.1-cloud.1), and I see the description for the primitive fields (Boolean, Float, Int, String etc.) to be null as well.

nic-miller1 commented 1 year ago

This is what I see as a non admin role image

This is what I see as an admin role image

adas98012 commented 1 year ago

@gearheadSBC350 Thanks for sharing the screenshots. Do you have any permissions (e.g. "select" permission) set for the mentioned user for any of the tables under the schema ?

@ecthiender It seems, you'll see schema descriptions for a user only if the user has "select" permissions for the tables.

nic-miller1 commented 1 year ago

So yes I can get description to populate on a table after I give user select permissions. But and I'm sorry I should have put this information in the start of this issue. The type descriptions I'm having trouble with (ex. MoveTaskOrder) come from a remote schema.

adas98012 commented 1 year ago

@gearheadSBC350 I was able to see the descriptions from the Remote Schema with a non-admin user.
My remote schema is another Hasura GraphQL schema and I had to pass its admin secret as an additional header.

Here is how my Remote schema is configured:

Screen Shot 2023-02-07 at 6 32 54 PM