Right now we have separate Query and Mutation. To streamline, especially when using @auth

enum ModelOperation {
create
update
delete
read
}

@auth object types that are annotated with @auth are protected by a set of authorization rules that give additional controls than the top level authorization on an API.

Use the @auth directive on object type definitions and field definitions in the project's schema.

When using the @auth directive on object type definitions that are also annotated with @model, all resolvers that return objects of that type would be protected. When using the @auth directive on a field definition, a resolver will be added to the field that authorize access based on attributes found in the parent type.