Update 2
This topic keeps getting more strange! I have decided to write a custom wrapper for dql.mutate and dql.query which fetches a X-Dgraph-AccessToken from inside the lambda resolver. I have also created a user (Test) on the namespace I want to mutate, including a user group (TestGroup) where I have ticked everything for
- read
- modify and
- write
So the user should be allowed everything, right? However, if I submit this token it allows me only to query for data but I’m not allowed to mutate anything! If I login as groot I can do both.