hasura
A way for Hasura Console to only allow viewing and changing of Postgres data, but not changes in schema or meta data like permissions and relationships
Is your proposal related to a problem?
We are currently using Hasura as a GraphQL engine for one of our solutions, which we need read and write access to the Postgres data, as we are still in a POC test phase. For the production system, all migration and metadata is only changed via a CI/CD pipeline. As our support staff need access to the Postgres data, the easiest way would be to simply give them access to the Hasura Console. The problem is that if they accidentally change a database schema, it could possibly crash the system.
Describe the solution you'd like
The best and easiest way would be to block the modification of metadata and schemas etc. for the Hasura Console via an ENV variable. I am aware that the console is not intended for this purpose, but to be honest, the console offers the best and most intuitive way to view the database without having to use complex database tools that we have to teach our staff again.
Describe alternatives you've considered
Do you have any ideas on how this could be implemented now? Does the possibility already exist somehow? The simpler the better ;)
There is a setting in the console, under data > migrations (only visible in cli console) This setting will disallow schema changes from the console UI. I am unsure if this setting affects the cloud console too, or only cli console.
Regardless, work is happening on a readonly console, with a bit of discussion happening at #5349
It would be nice to be able to configure this with an environment variable. Ideally with separate options for a true read-only mode, and a one to allow write operations but not schema changes.
I don't know if the plan includes allowing database inserts/update operations, but please add your feedback there!
