diff --git a/graphql_search_api.module b/graphql_search_api.module
new file mode 100644
index 0000000..3c08768
--- /dev/null
+++ b/graphql_search_api.module
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @file
+ * A Search API GraphQL schema.
+ */
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\graphql_search_api\GraphqlSearchApiPermission;
+
+/**
+ * Implements hook_ENTITY_TYPE_access().
+ */
+function graphql_search_api_search_api_index_access(EntityInterface $entity, $operation, AccountInterface $account) {
+  $access = AccessResult::neutral();
+
+  if ($operation == 'graphql_search_api_query') {
+    $access = AccessResult::allowedIfHasPermission($account, GraphqlSearchApiPermission::getPermissionName($entity));
+  }
+
+  return $access;
+}
diff --git a/graphql_search_api.permissions.yml b/graphql_search_api.permissions.yml
new file mode 100644
index 0000000..ce93b3f
--- /dev/null
+++ b/graphql_search_api.permissions.yml
@@ -0,0 +1,2 @@
+permission_callbacks:
+  - \Drupal\graphql_search_api\GraphqlSearchApiPermission::getPermissions
diff --git a/src/GraphqlSearchApiPermission.php b/src/GraphqlSearchApiPermission.php
new file mode 100644
index 0000000..43152c5
--- /dev/null
+++ b/src/GraphqlSearchApiPermission.php
@@ -0,0 +1,82 @@
+<?php
+
+namespace Drupal\graphql_search_api;
+
+use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
+use Drupal\Core\Entity\EntityTypeManagerInterface;
+use Drupal\Core\StringTranslation\StringTranslationTrait;
+use Drupal\search_api\Entity\Index;
+use Drupal\search_api\IndexInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Provides dynamic permissions for search API indexes.
+ */
+class GraphqlSearchApiPermission implements ContainerInjectionInterface {
+
+  use StringTranslationTrait;
+
+  /**
+   * Entity type manager.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+   */
+  protected $entityTypeManager;
+
+  /**
+   * GraphqlSearchApiPermission constructor.
+   *
+   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
+   *   Entity type manager.
+   */
+  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
+    $this->entityTypeManager = $entity_type_manager;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static($container->get('entity_type.manager'));
+  }
+
+  /**
+   * Returns an array of index permissions.
+   *
+   * @return array
+   *   The search api index permissions.
+   */
+  public function getPermissions() {
+    $permissions = [];
+
+    foreach ($this->entityTypeManager->getStorage('search_api_index')->loadMultiple() as $index) {
+      $permissions += [
+        self::getPermissionName($index) => [
+          'title' => $this->t('Execute GraphQL query against @index search index', [
+            '@index' => $index->label(),
+          ]),
+          'description' => $this->t('Allows user to execute arbitrary GraphQL queries against the @index Search API index. Therefore contents of the @index Search API index will be available to users with this permission via GraphQL queries.', [
+            '@index' => $index->label(),
+          ]),
+        ],
+      ];
+    }
+
+    return $permissions;
+  }
+
+  /**
+   * Assemble permission name that allows querying Search API index in GraphQL.
+   *
+   * @param \Drupal\search_api\IndexInterface $index
+   *   Search API index whose permission name to assemble.
+   *
+   * @return string
+   *   Permission name that allows executing GraphQL queries against the
+   *   supplied Search API index.
+   */
+  public static function getPermissionName(IndexInterface $index) {
+    return "execute graphql requests {$index->id()} index";
+  }
+
+}
diff --git a/src/Plugin/GraphQL/Fields/SearchAPISearch.php b/src/Plugin/GraphQL/Fields/SearchAPISearch.php
index 23b8148..25cdef4 100644
--- a/src/Plugin/GraphQL/Fields/SearchAPISearch.php
+++ b/src/Plugin/GraphQL/Fields/SearchAPISearch.php
@@ -81,6 +81,14 @@ public function resolveValues($value, array $args, ResolveContext $context, Reso
     // Load up the index passed in argument.
     $this->index = $this->entityTypeManager->getStorage('search_api_index')->load($args['index_id']);
 
+    $access = $this->index->access('graphql_search_api_query', NULL, TRUE);
+
+    $resolved_value = new CacheableValue(NULL, [$access]);
+    if (!$access->isAllowed()) {
+      yield $resolved_value;
+      return;
+    }
+
     // Prepare the query with our arguments.
     $this->prepareSearchQuery($args);
 
@@ -102,7 +110,8 @@ public function resolveValues($value, array $args, ResolveContext $context, Reso
     // Set response type.
     $search_response['type'] = 'SearchAPIResult';
 
-    yield $search_response;
+    $resolved_value->setValue($search_response);
+    yield $resolved_value;
 
   }