# orm-help
Hi, I am trying to understand best practices when it comes to verifying if an individual user has access to a specific piece of data. My thought process is to add a filter that compares the user coming from an Authorization header to the userId associated with a row in a table, but I can’t seem to apply this logic when using most queries where I want 1 result. If anyone has tips on how to approach this, it would be greatly appreciated.

One way I believe to accomplish this is to add `@@unique` to the model to encompass the values I would want to check when querying with `findUnique`. Is this a standard way?
@Ryan Rhodes 👋 One option would be to add those details in the header itself so after you verify the header, you can know what data the user has access to. This can be done in a middleware in REST or GraphQL
I am already doing that to check if a user is authorized to hit my Graph, but still need to check if they have authorization to access specific data depending on the query/mutation.
Unless I am misunderstanding your point

You can also do the same by adding field level rules. These will return `null` for the fields the user doesn’t have access to.