A version of this post appeared as a Hasura Community Story
At Fieldguide, we build automation and collaboration software for Audit and Advisory firms – specifically cybersecurity, privacy, and ESG (Environmental, Social, Governance) practices.
With information security and regulatory compliance risk increasing for companies, third party auditors, also known as Risk Advisory Services (RAS), are in high demand. However, risk advisory practitioners typically use legacy, desktop tools built in the 90’s that don’t provide efficiencies in their daily work. Practitioners with Fieldguide have completed thousands of audits on the platform, saving 30-50% of hours and transforming the operations of their practices.
How Fieldguide uses Hasura
Our customers have high security expectations, and Hasura has enabled meet those requirements with its mix of role-based and attribute-based data access.
With 800+ commits in our Hasura GitHub repo and 1200+ SQL migrations, we leverage Hasura to rapidly iterate on product development, averaging one Hasura deploy a day. And thanks to Hasura’s auto-generated GraphQL operations, our engineers avoid writing boilerplate data fetching code while maintaining end-to-end type safety.
Using Hasura’s remote schema and event triggers, we've joined our own federated service schema which manages emails, authentication, and various document automation and processing workflows. We’ve also used Actions to integrate a RESTful machine learning service.
We utilize enterprise-grade permissioning, as our customers handle sensitive data every day. Leveraging Hasura’s flexible authorization layer, our team has built up to a dozen layers of logic checks to control who has access to which documents and data.
Hasura has been a critical part of our ability to quickly build out features, integrate new functionality, and enforce rigorous permissions.
To help with reviewing Hasura permission changes, we've also developed an open-source Github Action.
How Fieldguide uses Hasura features
Audit documents have a complex set of rules that govern who has access to what. Hasura’s flexible authorization logic makes this simple to model.
Remote Schema Merging
Remote schema merging allows our team to build out services in the languages of our choice, then leverage those services within our data layer without worrying about access controls.
As our team adopted Hasura Actions, we’ve been able to integrate RESTful HTTP endpoints into an unified API, specifically for machine learning services, simplifying frontend development and ensuring end-to-end type safety.
Hasura Event Triggers allow our team to work with asynchronous data flows and bypass cumbersome Postgres functions.
Configuration as Code
Our product and team has grown rapidly, now reaching over 100 tables each with their interrelated permissions. Hasura’s exportable metadata has allowed us to adopt a powerful, but flexible, CI/CD pipeline and ensure consistency between our codebase and the Hasura server.
If this sounds interesting, we’re hiring across engineering, product, and design!