Managing who can edit the schema

By default, only users with the admin role can access the screens of the GraphQL API for WordPress plugin in the WordPress admin.

We can also grant non-admin users access to the GraphiQL and Interactive schema clients in the admin, and permission to read or write the plugin's Custom Post Types:

  • Persisted Queries
  • Custom Endpoints
  • Schema Configurations
  • Access Control Lists
  • Cache Control Lists
  • Field Deprecation Lists

The permissions given to non-admin users follow the same scheme as editing posts in WordPress, where users with different roles (subscriber, contributor, author and editor) have different capabilities:

Role          Capabilities
Editor        Can publish and manage posts including the posts of other users
Author        Can publish and manage their own posts
Contributor   Can write and manage their own posts but cannot publish them
Subscriber    Can only read posts

For instance, a contributor can create, but not publish, custom endpoints:

Custom endpoint by contributor

Configuring access

In the Settings, on the "Schema Editing Access" tab, select the appropriate configuration from the dropdown:

  • "Admin user(s) only"
  • "Use same access workflow as for editing posts"

Configuring the schema editing access in the Settings