Read-only mode on deployed Hasura Console.

[kenptr]

Hello,

We want to make hasura console (the deployed one) read only and do changes only using $ hasura console command line console.

Is there a flag for that? If not, how feasible is to add it?

[marcfalk]

Not sure that you're easily able to make the deployed instance's console read only. However, if you only intend to use $ hasura console you might as well disable the console for your deployed instance. This is recommended anyway.

It can be done by setting the environment variable/server flag HASURA_GRAPHQL_ENABLE_CONSOLE to false. Read more here.

[kenptr]

That makes sense. If it's preferred way, let's close the issue. Thanks!

[jflambert]

Well actually, before you close this issue, we wouldn't mind being able to roll out a console with JUST the Graphiql tab available. No settings no nothing else.

It's not read-only in the sense of mutations/etc, but it's read-only in the sense of locked configuration.

[tirumaraiselvan]

@jflambert One way is to disable Hasura console and use graphqurl for just graphiql.

[adamrneary]

But doesn't this also disable the analytics available at /console/pro? It seems like the features are at odds. We want to lock down configuration changes, but we also want to be able to navigate the useful features on a production-ready app. @coco98 mentioned that this might be coming soon. Tanmai, is this the Github Issue tracking this?

[coco98]

@adamrneary Yes, we're using this to track the read-only mode for the cloud console as well.

The idea is to lock both metadata changes and optionally, raw SQL changes as well. The monitoring and pro tabs will remain accessible since they don't have any impact on data or metadata. GraphiQL, browsing data, remote-schemas, actions will be accessible but read-only.

[adamrneary]

Spoke with @coco98 and I didn't realize we could have users with User permissions that would achieve what we're looking for. I think our needs are covered for now, so we can close this issue unless someone else thinks there is something else to be built.

[matiasf9]

Spoke with @coco98 and I didn't realize we could have users with User permissions that would achieve what we're looking for. I think our needs are covered for now, so we can close this issue unless someone else thinks there is something else to be built.

Can you please share instructions on how to do this? I would love to track all DB schema and configuration changes on the repo (read-only on console), but still be able to insert/remove/update objects to the DB, use Graphiql, monitors, etc. Is that an option?

[ecchochan]

@adamrneary Can you please share how you achieve the User permissions? 👀

[jflambert]

Yep I guess I'm interested too. Perhaps Hasura should provide some documentation on this.

[PatersonKopp]

Is this working at all? As I know the only way to log in into the console is using the admin secret - And therefore everyone who is able to log in has admin permissions.

[27medkamal]

Is this going to be implemented at all?

[rayhantr]

This feature will be really helpful in a team where we can give read only access to the console for some team members. It's like permission for the hasura console. Waiting for this to implement if possible.