By default, only users with the
admin role have access to the different screens of plugin GraphQL API for WordPress in the admin.
We can enable to grant non-admin users access to the GraphiQL and Interactive schema clients in the admin, and to read or write the different Custom Post Types from this plugin:
- Persisted Queries
- Custom Endpoints
- Schema Configurations
- Access Control Lists
- Cache Control Lists
- Field Deprecation Lists
What permissions are given to non-admin users follows the same scheme as when editing posts in WordPress, where users with different roles (
editor) have access to different capabilities:
|Editor||Can publish and manage posts including the posts of other users|
|Author||Can publish and manage their own posts|
|Contributor||Can write and manage their own posts but cannot publish them|
|Subscriber||Can only read posts|
For instance, a contributor can create, but not publish, custom endpoints:
Configuring access permalink
Select the appropriate configuration from the dropdown in the Settings, on tab "Schema Editing Access":
"Admin user(s) only"
"Use same access workflow as for editing posts"