I think it would be helpful to be able to mark a role as “GraphQL only”. All its other role permissions would work as usual (when entered through GraphQL), but it wouldn’t have access to the Fauna shell or any of the libraries that allow arbitrary FQL execution.
The benefit I see is that this would essentially allow finer-grained control over the document data that’s exposed (both read and write), as well as only allowing the execution of certain UDFs under controlled circumstances.
The read access should be pretty self-explanatory. Say I have a User document and I want to store their email address. I want most of the User document to have public read access but not the email. By excluding email from the GraphQL schema I can easily do this, as long as the role can’t be used to fire up a Fauna shell and read the whole document that way.
Write access is a bit harder to explain, but say I have a Twitter clone (hi Fwitter) and for simplicity I want to store a count of the number of likes in a Tweet document. If a user adds a “like” I want to make sure they haven’t already liked this tweet and then increment the like count. I obviously don’t want to give them blanket write access to the whole Tweet document, and I don’t even want to give them write access to just be able to increment the “like” number via a complex predicate. I want a level of fine-grained control which I think is only available if they don’t have a path to run uncontrolled queries.
While the current ABAC rules and predicates are very cool and can be quite powerful, I think this would be a convenient (and beginner friendly) addition.