API Management Get Started API References
Login 24/7 Support Community tyk.io

5. Field Based Permissions

It is also possible to restrict user’s based on fields using policies. For example you can create two policies

  1. For read-only access for users to only execute queries.

  2. For read and write access to run mutations and queries both.

Creating keys with read-only access

  • Create Policy
    • Navigate to policies page
    • Click Add Policy
    • Select our API from Access Rights table
    • Expand Api panel under global section
    • Toggle Field-Based Permissions and check Mutation
    • Switch to configuration tab
    • Set policy name (eg. user-reviews-policy-read-only)
    • Set expiration date for the keys that would be created using this policy
    • Click on create policy

Now keys created using these policies cannot be used for mutations.

Return to Top
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.
   Read More