Managing who can edit the schema
By default, only users with the admin role have access to the different screens of plugin GraphQL API for WordPress in the admin.
We can enable to grant non-admin users access to the GraphiQL and Interactive schema clients in the admin, and to read or write the different Custom Post Types from this plugin:
- Persisted Queries
- Custom Endpoints
- Schema Configurations
- Access Control Lists
- Cache Control Lists
- Field Deprecation Lists
What permissions are given to non-admin users follows the same scheme as when editing posts in WordPress, where users with different roles (subscriber, contributor, author and editor) have access to different capabilities:
| Role | Capabilities |
|---|---|
| Editor | Can publish and manage posts including the posts of other users |
| Author | Can publish and manage their own posts |
| Contributor | Can write and manage their own posts but cannot publish them |
| Subscriber | Can only read posts |
For instance, a contributor can create, but not publish, custom endpoints:
Configuring access permalink
Select the appropriate configuration from the dropdown in the Settings, on tab "Schema Editing Access":
"Admin user(s) only""Use same access workflow as for editing posts"
