Defines how users are authenticated when accessing the endpoint.
- API Key: needs to be sent with every request.
- ... more to come
Defines workspaces for data that should be accessible via the endpoint. The definition is similar to Pimcore user workspace permissions.
Available permissions:
- Create
- Read
- Update
- Delete
By default, associated/related objects, documents or assets that are not visible for the endpoint are simply nulled out.
You can change that via a configuration setting in the Symfony configuration tree:
- 1 = the entire query will fail
- 2 = null it out/skip it for multi-relations (default)
```yaml
pimcore_data_hub:
    graphql:
        not_allowed_policy: 2
```
It is also possible to disable the permission checks entirely by setting the configuration option in the security definition tab.
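The two `not_allowed_policy` values described above, shown as a simplified model of how a relation to a non-visible element is resolved. This is an added example, not Data Hub's own code; the function names, the sample workspace paths and the longest-matching-path rule are assumptions made for illustration.

```python
# Simplified model (an assumption, not Data Hub's PHP implementation) of
# workspace read checks and the two not_allowed_policy values.
FAIL_QUERY, NULL_OR_SKIP = 1, 2


class NotAllowed(Exception):
    """Raised under policy 1: the entire query fails."""


# Constructed sample workspaces: path -> permissions granted to the endpoint.
WORKSPACES = {
    "/products": {"read"},
    "/products/internal": set(),  # nested workspace with no permissions
}


def is_allowed(path, permission, workspaces=WORKSPACES):
    """Assumed rule: the longest matching workspace path decides; no match denies."""
    best = None
    for prefix in workspaces:
        # Match whole path segments only, so "/productsX" does not match "/products".
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return best is not None and permission in workspaces[best]


def resolve_relation(target, policy=NULL_OR_SKIP):
    """Single relation: return the element path, null it out, or fail the query."""
    if is_allowed(target, "read"):
        return target
    if policy == FAIL_QUERY:
        raise NotAllowed(target)
    return None


def resolve_multi_relation(targets, policy=NULL_OR_SKIP):
    """Multi-relation: non-visible elements are skipped under policy 2."""
    visible = []
    for target in targets:
        resolved = resolve_relation(target, policy)  # raises under policy 1
        if resolved is not None:
            visible.append(resolved)
    return visible
```

In this model, policy 2 gives the client the same result for a hidden relation as for an empty one, while policy 1 turns a workspace gap into a failed query that is easy to notice during testing.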