I have about five user authorization levels (all will be able to use our graphql api to some extent). Is it an okay practice to generate different schemas for each user level?

We took the approach of filtering data by authorization in the resolvers but that seems like a reasonable approach for certain use cases.

Cool. Will let yinz know if I run into any major problems doing it this way

Its an interesting idea ... and one that is reasonable because the schema is data.

We annotate our schema like it’s going out of style and transform it before compiling it. It’s an incredibly effective way to reduce some of the boilerplate and ensure consistency.