authz-workshop's Introduction

Authorization workshop

Getting started

We will work with your Heroku app. If you haven't created a Heroku app already, you can deploy using:

Deploy to Heroku

Create New App - Heroku

Add admin secret

  1. From the Heroku app dashboard (dashboard.heroku.com/apps/<my-app-name>), navigate to the Settings tab -> Reveal config vars.

  2. Add a new config var: HASURA_GRAPHQL_ADMIN_SECRET: adminsecret

For local Docker setup

In case you prefer to work locally with docker containers instead:

Use docker-compose up -d

View your new Hasura GraphQL Engine Console at http://localhost:8080 (admin secret from docker-compose.yaml: adminsecret)

Note: To end a session, use docker-compose down -v

Loading initial data

Via console

  • Head to the Data tab and go to the Run SQL window
  • Run northwind_ddl.sql
  • Run northwind_data.sql

For a Heroku deployment

From the Heroku app dashboard (dashboard.heroku.com/apps/<my-app-name>), navigate to the Settings tab -> Reveal config vars -> DATABASE_URL. Use the following command:

psql <DATABASE_URL> < northwind_ddl.sql
psql <DATABASE_URL> < northwind_data.sql

Or, lacking psql, use the following with the Heroku CLI (you might need to run heroku login first):

heroku pg:psql -a <my-app-name> < northwind_ddl.sql
heroku pg:psql -a <my-app-name> < northwind_data.sql

For local Docker setup

Use the following command to set up initial tables and data into your postgres container:

psql postgres://postgres:mypassword@localhost:6432/postgres < northwind_ddl.sql 
psql postgres://postgres:mypassword@localhost:6432/postgres < northwind_data.sql 

If you do not have psql available, you can copy the northwind_ddl.sql and northwind_data.sql files to the postgres container and run psql inside it:

Note: You can find <postgres-container-ID> with docker ps

docker cp northwind_ddl.sql <postgres-container-ID>:/
docker cp northwind_data.sql <postgres-container-ID>:/
docker exec -ti <postgres-container-ID> /bin/bash
psql -U postgres < northwind_ddl.sql
psql -U postgres < northwind_data.sql

Track tables and foreign-key relations

Track tables in console

Return to the Hasura GraphQL Engine console and select the Data tab. In the central view, there should be a section "Untracked tables or views" with several tables listed and a "Track All" option available. Select "Track All", and then "Track All" again for untracked foreign-key relations.

Now you're all set! You should see your tables listed in the left-hand panel.

Go to the GraphiQL tab and start trying out queries, mutations, and subscriptions.

Dataset

The Northwind dataset includes sample data for the following.

  • Suppliers: Suppliers and vendors of Northwind
  • Customers: Customers who buy products from Northwind
  • Employees: Employee details of Northwind traders
  • Products: Product information
  • Shippers: The details of the shippers who ship the products from the traders to the end-customers
  • Orders and Order_Details: Sales Order transactions taking place between the customers & the company

External App

Table: Customer, Order, Shipper

Role: customer

Rules:

  1. Customer can only select their own row in the customer table.
  2. Customer can get their orders.
  3. Customers can't view the employee_id of the order.
  4. Customer can view the phone number of their shippers.

Internal App

Table: employees

Role: employee, hr

Rules:

  1. Employee can see and edit their own information.
  2. Employee can see the information of their reportees.
  3. HRs can see and edit information of all employees.
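How External App rules 2 and 3 and the read side of the Internal App rules look as Hasura-style select permissions (a row filter plus a column list), as an added example that is not part of the workshop repo. It is a simplified Python model, not Hasura's implementation; the column names are assumed from the Northwind schema and the sample rows are constructed.

```python
# Simplified model of Hasura select permissions (row filter + column list).
# Column names are assumed from the Northwind schema; rows below are constructed.
COLS = ["employee_id", "last_name", "reports_to"]
ME = {"_eq": "X-Hasura-User-Id"}  # resolved from the session at query time
PERMISSIONS = {
    ("orders", "customer"): {            # External App rules 2 and 3
        "filter": {"customer_id": ME},
        "columns": ["order_id", "customer_id", "ship_via"],  # employee_id omitted
    },
    ("employees", "employee"): {         # Internal App rules 1 and 2 (read side)
        "filter": {"_or": [{"employee_id": ME}, {"reports_to": ME}]},
        "columns": COLS,
    },
    ("employees", "hr"): {"filter": {}, "columns": COLS},  # rule 3: all rows
}

def matches(row, expr, session):
    """Evaluate a filter built from _and / _or / _eq against one row."""
    for key, cond in expr.items():
        if key in ("_or", "_and"):
            combine = any if key == "_or" else all
            ok = combine(matches(row, sub, session) for sub in cond)
        else:
            want = cond["_eq"]
            if isinstance(want, str) and want.lower().startswith("x-hasura-"):
                want = session[want.lower()]  # session variable, not a literal
            ok = str(row[key]) == str(want)
        if not ok:
            return False
    return True  # the empty filter {} matches every row

def select(table, rows, session):
    perm = PERMISSIONS.get((table, session["x-hasura-role"]))
    if perm is None:  # no permission defined for this role: deny
        raise PermissionError(f"{session['x-hasura-role']} cannot select {table}")
    return [{c: r[c] for c in perm["columns"]}
            for r in rows if matches(r, perm["filter"], session)]

EMPLOYEES = [  # constructed: 5 reports to 2, 6 reports to 5
    {"employee_id": 2, "last_name": "A", "reports_to": None},
    {"employee_id": 5, "last_name": "B", "reports_to": 2},
    {"employee_id": 6, "last_name": "C", "reports_to": 5},
]
ORDERS = [  # constructed
    {"order_id": 1, "customer_id": "CUST1", "employee_id": 5, "ship_via": 1},
    {"order_id": 2, "customer_id": "CUST2", "employee_id": 6, "ship_via": 2},
]
```

Calling select("employees", EMPLOYEES, {"x-hasura-role": "employee", "x-hasura-user-id": "5"}) returns the rows for employees 5 and 6: the caller's own row and their one reportee.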

Public facing API

Table: products

Role: api

Rules:

  1. Only consumers with a valid API key can see the products table.

RBAC

A role is a collection of permissions. Permissions determine what operations are allowed on a resource. When you grant a role to a user, all permissions in the role are automatically granted to the user.

Hasura has role-based schemas.

ABAC

Attributes are values that are associated with a user or resource.

Hasura can use user attributes and data attributes.

AWS IAM

  • Action
  • Resource
  • Condition

GCP IAM

https://hasura.io/blog/authorization-rules-for-multi-tenant-system-google-cloud/

  • Every resource type has a role: Access to Google cloud storage buckets is controlled using storage_admin, storage_editor, storage_viewer roles
  • Every resource instance also has a role: Each bucket has a storage_admin, storage_editor, storage_viewer role associated with it

JWT Integration

  1. Add environment variable:

     HASURA_GRAPHQL_JWT_SECRET: {"type": "HS256", "key": "myjwtsecretkey111111111111111111111111111111111"}

  2. Head to jwt.io and create tokens
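What a token for this setup has to carry, as an added example that is not part of the workshop repo: an HS256 token signed with the key above whose payload holds the role and user id under Hasura's default claims namespace, https://hasura.io/jwt/claims. The verify function mirrors the checks a receiver makes (algorithm, signature, expiry); the user id and role values passed in are constructed.

```python
import base64, hashlib, hmac, json, time

# Key from HASURA_GRAPHQL_JWT_SECRET above (workshop value, for the demo only).
KEY = b"myjwtsecretkey111111111111111111111111111111111"
NS = "https://hasura.io/jwt/claims"  # Hasura's default claims namespace

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint(user_id: str, role: str, allowed: list, ttl: int = 3600) -> str:
    """Build and sign a JWT carrying the session variables Hasura reads."""
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ttl,
               NS: {"x-hasura-default-role": role,
                    "x-hasura-allowed-roles": allowed,
                    "x-hasura-user-id": user_id}}
    signing_input = (b64url(json.dumps(header).encode()) + "."
                     + b64url(json.dumps(payload).encode()))
    sig = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str) -> dict:
    """Return the Hasura claims, or raise ValueError if the token is not valid."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims[NS]
```

A token whose payload is edited after signing, for example to change the role to hr, fails verify with "bad signature" because the HMAC covers both header and payload.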

Contributors

coco98, gautambt, tirumaraiselvan
