Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Created an account :slightly_smiling_face:
Hmm. I might be dumb but how do I do that with just Hydra? :thinking_face:

In my head it will be like this.
I need to make sure the OAuth Client (i.e. Client X with ID=YYY) that I create within my project should only be allowed to access an object AAA and not object BBB. Something like.
`client-id:YYY has read access to object:AAA`
In this phase, I am confused because I don't see where the `scope` when defining the OAuth client will be useful for my case.

I am led to Ory Keto based on my reading. So I have believed I needed Ory Permissions(Keto)
<https://www.ory.sh/permissions/>

Take a look at this thread 

<https://community.ory.sh/t/ory-keto-to-ory-hydra-integration/1196|https://community.ory.sh/t/ory-keto-to-ory-hydra-integration/1196>

Hey <@U055PSA05N0>
to expand on the above, take a look at the oathkeeper examples here: <https://github.com/ory/examples/tree/master/oathkeeper>
You do not need Ory Keto for this use case,
Ory Hydra acts as OAuth2 server - creating the M2M client credentials flows / tokens.
Ory Oathkeeper acts as “access proxy” checking the M2M tokens on every API call.