Hello everyone, how are you?! 👋 I'm trying to find an open-source tool to handle the permissions of my application. So, I have an admin dashboard, and the three basic features that I need are: 1. List the resources and roles that a user has access (user page details) : 2. List the users and roles that have access to a specific resource (resource details page): 3. Check if a user can perform an action. This one I'm sure I can do with keto. Can I do the numbers 1 and 2 with keto, remembering that I will have relations (implicit roles), so I can't only list the relations (explicit) on the database. Basically, this is my model:

import { Namespace, Context } from "@ory/keto-namespace-types"

class User implements Namespace {}

class Workspace implements Namespace {
  related: {
    owners: User[]
    editors: User[]
    viewers: User[]
  }
}

class Organization implements Namespace {
  related: {
    owners: User[]
    editors: User[]
    viewers: User[]
    parents: Workspace[]
  }
}

An Organization can be in one or more workspaces, and if the user is the owner of the Workspace (explicit) he will be the owner of the Organization (implicit). Example:

User:user1 is in owners of Organization:org1
Workspace:ws1 is in parents of Organization:org1
User:user2 is in owners of Workspace:ws1

User 1 and 2 are owners of org1. I believe an image will be better to understand ... 1. Detalle de usuário: user details page 2. Detalle de la organizacion: organization details page 3. Detalle ell ambient: workspace details page

Hey @shy-exabyte-45922, I have a bit of trouble wrapping my head around it 🤔 I assume you have seen https://www.ory.sh/docs/keto/concepts/api-overview and Check relationships. Is that what you are looking for in 3.? Your basic features sound like they should all be covered by Keto.

Yeah, the 3 of course keto can do. I will send examples of 1 and 2. Based on the model that I sent before:

User:user1 is in owners of Organization:org1
User:user2 is in owners of Organization:org2

Workspace:ws1 is in parents of Organization:org1
Workspace:ws2 is in parents of Organization:org2
Workspace:ws3 is in parents of Organization:org3

User:user1 is in owners of Workspace:ws3

1. List the resources and roles that a user has access a. user1: i. Organization:org1-> owner. (explicit) ii. Workspace:ws3 -> owner (explicit) iii. Organization:org3 -> owner (implicit) b. user2: i. Organization:org2-> owner. (explicit) 2. List the users and roles that have access to a specific resource a. org1: i. User:user1 -> owner (explicit) b. org2: i. User:user2 -> owner (explicit) c. org3: i. User:user1 -> owner (implicit)