It's surprising that postgresql doesn't have a means of marking a field as read-only. Triggers seem like a heavy handed solution, and when using api generation tools like #postgraphile they can't infer any useful information about that aspect of the schema.
Conversation
Replying to
You could use column-level permissions/privileges to get that kind of behavior:
If you use PostGraphile's `--no-ignore-rbac` flag then we will automatically not expose fields in mutations that have not been granted 👍
1