Typically, GraphQL schemas are constructed statically, and services will expose one or a set number of schemas depending on the roles of clients that query the system. When the system is highly configurable, allowing the creation of new types and fields at runtime, with different types and fields exposed depending on the clients privileges, building a set of static schemas becomes infeasible. This talk will discuss a technique used to construct types and fields at runtime, reflecting the users level of access within the system. This technique allowed us to scale to millions of schemas which reflected the permissions of the client querying the GraphQL endpoint. I will discuss the interplay between the static parts of the schema available to all clients and the dynamic parts built depending on the users privileges, as well as how to represent this structure with a "metaschema". Then, I'll demonstrate a pattern for constructing types at runtime, with a service responsible for safe instantiation that honors the GraphQL spec, interacting with a set of actors that control which types should be instantiated. I'll close with some discussion of how the spec impacts dynamic construction.