Debugging Permissions

Given that permissions are defined in their own file and internally applied to queries, it might be hard to figure out if or why a permission check is failing.

Read Permissions

The transform-query utility is provided to transform a query by applying permissions to it. As of today you'll need to provide the hash of the query you want to transform. You can find this in server logs, websocket network inspector, or in the CVR database. In a future release, you'll be able to write ZQL directly.

npx transform-query --hash=2i81bazy03a00 --schema=./shared/schema.ts

The output will be the ZQL query with permissions applied as well as the AST of that query.

🤔Note

Write Permissions

Look for a WARN level log in the output from zero-cache like this:

Permission check failed for {"op":"update","tableName":"message",...}, action update, phase preMutation, authData: {...}, rowPolicies: [...], cellPolicies: []

Zero prints the row, auth data, and permission policies that was applied to any failed writes.

🤔Note

PreviousSlow Queries

NextReplication

Welcome

Using Zero

Integrations

Debugging

Meta

Debugging Permissions

Read Permissions

Write Permissions

On this page