pg_graphql fully respects builtin PostgreSQL role and row security.
Table and column visibility in the GraphQL schema are controlled by standard PostgreSQL role permissions. Revoking
SELECT access from the user/role executing queries removes that entity from the visible schema.
Account GraphQL type.
SELECT access on a table's column will remove that field from the associated GraphQL type/s.
DELETE all impact the relevant sections of the GraphQL schema.
Visibility of rows in a given table can be configured using PostgreSQL's built-in row level security policies.