auth 

The directives takes in an array of 'roles' as argument and compares it with the user's roles. If the user has at least one role that matches with the supplied argument, the field is resolved. Otherwise a forbidden error is thrown. This directive would possibly supersede @hasAccountPermissions based on how the curity authentication framework pans out. Also the use case is different - @hasAccountPermissions can only be used on an account id argument, whereas @hasRole an be used on any field.