See if permission system can restrict applications to perform mutations on their own schema only

[Ked57]

The example:

Humeur du mois needs a remote schema to perform actions like casting a vote, as it can't be entrusted to the user. Right now we think this can't be using the users JWT and would rather use and userId that has administrator privileges, problem is that this user could have access to the rest of the database and it exposes the whole system to privilege elevation.

We need to find a way to get the JWT token on remote schemas too and define a permission to modify data

[Ked57]

Since this is a thing

We can define permissions for a role like "Collaborator" to insert a vote, the remote schema will do the verification and forward the JWT back to Hasura when doing the mutation
Additionally, we want the JWT to include the application ID it came from so an application can only mutate its own data

[hgwood]

@Ked57 could you write here what we have discussed?

[Ked57]

Ok so each app has it's own namespace in the database which means roles have to be declared as applicationNamespace_role. Auth0 will send this during authentication, so the roles defined in schema have to be the same