Artifact image

Public/Private Schema

What should happen when a user without access to some field or directive in the schema, attempts to access it?

With the public/private API mode we can control the desired behavior:

In the public API, the fields in the schema are exposed, and when the permission is not satisfied, the user gets an error message with a description of why the permission was rejected.

In the private API, the schema is customized to every user, containing only the fields available to him or her, and so when attempting to access a forbidden field, the error message says that the field doesn't exist.

Individual Public/Private schema mode