platform
authentication
User management
Users are saved in the database in the auth.users table and are accessible via the GraphQL API.

Example of getting all users in GraphQL:
query {
  users {
    id
    displayName
    email
  }
}

Example of getting one user in GraphQL:
query {
  user(id: "some-user-id") {
    id
    displayName
    email
  }
}


Users should be created using the sign-up or sign-in flows as described under sign-in methods.
Never create users directly via GraphQL or database. Never modify the auth.users table. Never modify the GraphQL root queries.
You can update the permissions of the auth.users table.

Each user can have one or multiple roles for API requests. You can see the roles of a user and set a default role in Nhost Console under Users.
Every GraphQL request is made with a specific role. This role will be used to resolve permissions when querying the database. In other words, every user can have multiple roles, but only one role will be applied for any given GraphQL request.
For new apps, the following roles are available:
  • Available roles: user and me
  • Default role: user
If the user is not signed in, the public role will be used.
When no request role is specified, the user's default role will be used:
await nhost.graphql.request(QUERY, {})

Make a GraphQL request with the me role:
await nhost.graphql.request(QUERY, {}, {
  headers: {
    'x-hasura-role': 'me'
  }
})

If the request is not part of the user's roles, the request will fail.