# Authorization

### Overview

Authorization in QueryDeck governs access control by defining roles and the permissions each role has for database actions. Every request is checked against the role carried in the caller's JWT, so a user can only perform the actions their assigned role allows.

### Setting up Authorization

First set up a demo app (or use any database of your choice), then change the method to select.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FbvIEv5eAHkaIMmKTLWDN%2Fimage.png?alt=media&#x26;token=d72afbff-9248-4337-ba2c-b22fccfb6c2b" alt=""><figcaption></figcaption></figure>

Now click on the security icon (shown below) in the left toolbar.

(Note: make sure authentication is already configured; authorization is evaluated on the identity that authentication establishes.)

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F7R8x7BnZxlxp9KSCco7p%2Fimage.png?alt=media&#x26;token=e3857280-607c-48ef-899f-319c07f971d3" alt=""><figcaption></figcaption></figure>

This opens the security page, where CORS, Authentication and Authorization are configured.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FXl7qYOiq2rrCydwnAnaJ%2Fimage.png?alt=media&#x26;token=678c4fd2-f7fa-4dcb-9068-0a0ee6dae502" alt=""><figcaption></figcaption></figure>

Click on the Roles & Authorization tab in the top right task bar.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FWA0OWrjpnFRcSyB9Z9uy%2Fimage.png?alt=media&#x26;token=359fdeb7-0259-4069-bcd2-56b6af3bfef6" alt=""><figcaption></figcaption></figure>

Now click on the button to create a role.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2Fk95S1Q0QNeTEnI4Lw8cd%2Fimage.png?alt=media&#x26;token=8827c39d-5214-490e-b8b8-e0ed84aa12a1" alt=""><figcaption></figcaption></figure>

A pop-up form appears.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FPgMOiCoZKaaiJizzbXED%2Fimage.png?alt=media&#x26;token=f90e444e-7c48-440b-ac90-dc29fc45977f" alt=""><figcaption></figcaption></figure>

Enter a Role name as desired. This is only a label used to refer to the role in the UI.

The Role value is the value you assign to the role. It is what the role session key in a JWT must carry for a request to be treated as that role, so pick it deliberately and keep it stable once tokens are in circulation.

Select the desired role type from the dropdown (admin/custom). Admin grants complete access, whereas custom lets you choose how much access to give the user. Prefer custom roles with the minimum access the user needs and reserve admin for the few identities that genuinely require it.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FhwJ55xEWoTzxUnsZHbPf%2Fimage.png?alt=media&#x26;token=7272ba64-b7c1-4395-842f-ae8c5ed26f67" alt=""><figcaption></figcaption></figure>

Now click on the "add" button to add the role.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F26fBDN40suYFB8LPFxAy%2Fimage.png?alt=media&#x26;token=10ce2b33-4298-4553-b5e9-e5ab4f226f51" alt=""><figcaption></figcaption></figure>

The role for authorization has been set up successfully.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FkiawmVscgSY2Wz4yc070%2Fimage.png?alt=media&#x26;token=77de6a2e-3aad-4a0a-b7d9-3c9ae052b637" alt=""><figcaption></figcaption></figure>

## Testing Authorization

### Getting the JWT

Go to <https://jwt.io/>

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FuVuKs8ZKejBhqyUAlggO%2FScreenshot%202025-01-08%20at%2010.35.50%E2%80%AFAM.png?alt=media&#x26;token=82804429-f46b-4294-a9de-4ba88e856572" alt=""><figcaption></figcaption></figure>

Scroll down to the debugger.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FrIxrUfJBUi35uP17ElIO%2Fimage.png?alt=media&#x26;token=dff76e2b-72af-4662-9d10-bfdce8d0559c" alt=""><figcaption></figcaption></figure>

In the "Header" section of the decoded column, set the algorithm (alg) to match your Authentication settings in the security tab. A token signed with a different algorithm will not verify. In this case the default value already matches our algorithm, so we leave it as is.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FjlWELmoow7JikjCoy0aU%2Fimage.png?alt=media&#x26;token=999b2048-7eec-432b-8f5e-cbc4c16fdfbe" alt=""><figcaption></figcaption></figure>

Next change the payload: delete the "sub" and "name" parameters and leave "iat" as is. Note that `iat` is the issued-at timestamp, not a validity period; if you want the token to stop working after a fixed time, add an `exp` (expiration) claim, which standard JWT verifiers reject once it has passed.

Now add your user session key (here `email`) and role session key (here `role_id`) as additional parameters. The key names must match the session keys configured under Authentication. Set the user key to the desired value (here the user's email) and the role key to the Role value you entered when creating the role in Roles & Authorization.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F0NuPLyzgR4ECaRpLarDB%2Fimage.png?alt=media&#x26;token=a94151e6-e973-45a7-8f44-7b9c7f59ada8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2Fj3ycZZRN1ATyqRdzrknj%2Fimage.png?alt=media&#x26;token=2017d3da-1f57-420d-a254-5276746a1b45" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FkaclArchGOl3kuRoJMjE%2Fimage.png?alt=media&#x26;token=2d9ddb80-3911-4980-a1a7-f6b5ef06bb50" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F3bm4szXZ5bFmHFVmkkwW%2Fimage.png?alt=media&#x26;token=0517bfb3-e255-405d-9b0d-7b04a59a7b2f" alt=""><figcaption></figcaption></figure>

Next we change the secret key in the "verify signature" box to the signing secret from the Authentication settings. Use a development or test secret for this: a production signing secret should not be pasted into third-party tools, because anyone who holds it can mint tokens for any user and role.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F1faZp1NjDF218gTRp2hK%2F769d8e3e69357de5e2ffc2e661a17d76.png?alt=media&#x26;token=de4e565b-3b90-425b-8fb4-cc212ae8bdfa" alt=""><figcaption></figcaption></figure>

(Clicking the eye icon reveals the secret.)

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F8kgUjcgQzVPjUNve0yM9%2Fimage.png?alt=media&#x26;token=acd67992-e663-4c7d-a39a-493357047c58" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2Fr1BUNizuezkHy426oy48%2Fimage.png?alt=media&#x26;token=fffc327b-b9ea-4ff1-82e1-79e5be771c7a" alt=""><figcaption></figcaption></figure>

Now copy the encoded JWT string.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2Fl0unmmFLRHhny4qRnI3j%2Fimage.png?alt=media&#x26;token=33749be1-d547-40b5-bc04-ddfeb58aab71" alt=""><figcaption></figcaption></figure>

Also go to the API you want to test and enable authentication in the left-hand pane.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F3hTqLupyyXvBsMaviGPK%2Fimage.png?alt=media&#x26;token=753ad890-d0b6-494c-9f13-5f55840c2b13" alt=""><figcaption></figcaption></figure>

Then copy the endpoint URL from the section on the right.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FCS0vTiYSAMbH7eBblHhN%2Fimage.png?alt=media&#x26;token=6c38b6cc-8147-458b-9c32-2b9121adebde" alt=""><figcaption></figcaption></figure>

Now open Postman, paste the URL and set the method to GET.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2Fh7IS1ildeP23CNlMc0gv%2Fimage.png?alt=media&#x26;token=9b4d11f3-44a6-4c9f-8b75-34af806c1709" alt=""><figcaption></figcaption></figure>

Click on the Headers tab.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FPObm0qSOIhQWI3jHeJ2C%2Fimage.png?alt=media&#x26;token=7a21cb4e-cb27-412a-9dea-c9331868750b" alt=""><figcaption></figcaption></figure>

Add a header with the key `authorization` and paste the JWT from jwt.io as its value.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2Fd6QpXypIQYGkclrOQJP8%2Fimage.png?alt=media&#x26;token=9f7dc1ba-caf5-439e-a10f-f22e5200b5b2" alt=""><figcaption></figcaption></figure>

Now click on the Send button to place the request.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FLIw1qMcdju6LgvcpTXTd%2Fimage.png?alt=media&#x26;token=4cced6d0-fc2b-44cb-b366-996acc17f34c" alt=""><figcaption></figcaption></figure>

As you can see, we have obtained the expected response.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FmZgwSgybX9me4D3NH68L%2Fimage.png?alt=media&#x26;token=2aa7ea0c-e3cf-4ba9-8c2a-2f75f78c69c3" alt=""><figcaption></figcaption></figure>

If we change the JWT in the header to any other value (even altering a single character of the payload or signature), the signature no longer verifies and we receive an error response.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2FRZvEo0vWehPP35PjJoNf%2Fimage.png?alt=media&#x26;token=dc0e1f59-0814-4ab7-bd88-699117ac8dd2" alt=""><figcaption></figcaption></figure>

Authentication and Authorization have now been set up and tested end to end.
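The jwt.io steps above can be reproduced offline, which is useful for scripted tests and for seeing why a modified token is rejected. The block below is an added example, not QueryDeck's own code: it mints an HS256 JWT carrying the `email` and `role_id` session keys (the names assumed here match the ones used in this walkthrough; substitute your configured keys), verifies it the way a server would (algorithm pinned, constant-time MAC comparison, `exp` enforced), and shows that editing the role claim without re-signing invalidates the token. The secret and user values are placeholders.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Placeholders for this example. The secret must be the one configured under
# Authentication in the QueryDeck security tab; the session key names must
# match the user and role session keys configured there.
DEMO_SECRET = "replace-with-the-secret-from-your-authentication-settings"
USER_SESSION_KEY = "email"     # assumed user session key
ROLE_SESSION_KEY = "role_id"   # assumed role session key


def _b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(secret: str, email: str, role_value: str,
             ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Build an HS256 JWT with the user and role session keys.

    `iat` is the issued-at time; `exp` bounds the token's lifetime.
    `role_value` must equal the Role value set in Roles & Authorization.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iat": now,
        "exp": now + ttl_seconds,
        USER_SESSION_KEY: email,
        ROLE_SESSION_KEY: role_value,
    }
    # Compact JSON, the same encoding jwt.io's debugger produces.
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, secret: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if signature and expiry check out, else None.

    The algorithm is pinned to HS256 rather than trusted from the header,
    the MAC is compared in constant time, and an expired token is rejected.
    """
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        return None
    payload = json.loads(_b64url_decode(p64))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        return None
    return payload


def tamper_role(token: str, new_role: str) -> str:
    """Rewrite the role claim but keep the original signature (an attacker's edit)."""
    h64, p64, s64 = token.split(".")
    payload = json.loads(_b64url_decode(p64))
    payload[ROLE_SESSION_KEY] = new_role
    return f"{h64}.{_b64url(json.dumps(payload, separators=(',', ':')).encode())}.{s64}"


def authorization_header(token: str) -> dict:
    """Header to add in Postman; the raw token as value is assumed here."""
    return {"authorization": token}


if __name__ == "__main__":
    tok = mint_jwt(DEMO_SECRET, "alice@example.com", "editor", now=1736300000)
    print(tok)
    print(verify_jwt(tok, DEMO_SECRET, now=1736300100))
    print(verify_jwt(tamper_role(tok, "admin"), DEMO_SECRET, now=1736300100))
```

Paste the printed token into the `authorization` header exactly as the walkthrough does. The tampered token demonstrates the failure case from the screenshots: the role claim now says `admin`, but the signature was computed over the original payload, so verification returns `None` and the API answers with an error instead of elevated access.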

Note:

* Session columns do not appear until authentication is enabled on the API.
* Once session columns are selected, authentication cannot be disabled for that API, because the query would otherwise run without the identity those columns depend on.

<figure><img src="https://1803924624-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkjtTl1rn3hJ3jyoJt6ty%2Fuploads%2F7ZkY5XjRYVZA0Qiu3YSu%2Fimage.png?alt=media&#x26;token=05771228-0b9e-4807-8ae4-74c5494b7b95" alt=""><figcaption></figcaption></figure>
