Authorization Policy

Last edit: Aug 16, 2019
  • Contributors:
  • pavelloz
  • Slashek

Authorization Policies allow you to restrict access to forms and pages in a flexible way. Each form and page can have multiple policies attached to it.

Each policy is parsed using Liquid, and the system checks them in order of their appearance in the authorization_policies key.

If the content of the policy evaluates to anything other than true, the policy is considered violated and the system will not proceed with executing action (like submitting a form or rendering a page).

Contextual object

Apart from pulling data from GraphQL you also have access to a variable called object (be careful not to override it).

Depending on where the Authorization Policy is called from, this object contains:

  • form object in Form context
  • page object in page context

Related topics


We are always happy to help with any questions you may have.