Hi Keto team We are using keto to model an RBAC implementati Ory Community #talk-keto

Hi Keto team, We are using keto to model an RBAC ...

billions-evening-60046

05/31/2023, 6:44 AM

Hi Keto team, We are using keto to model an RBAC implementation and following is a sample representation of the relations that we have.

Copy code

permissions:organization/permissionA#allowed@(roles:organization/roleA#has)
permissions:organization/permissionB#allowed@(roles:organization/roleA#has)
permissions:organization/permissionA#allowed@(roles:organization/roleB#has)

roles:organization/roleA#has@(groups:organization/groupA#member)
roles:organization/roleB#has@(groups:organization/groupA#member)
roles:organization/roleC#has@(groups:organization/groupA#member)
roles:organization/roleA#has@(groups:organization/groupB#member)
roles:organization/roleD#has@(groups:organization/groupB#member)

Here we have a

permission -> role -> group

mapping and we are using the above model to perform authorization/permission checks. Here we are solely maintaining the

role -> group

mapping in keto. One requirement that we have is to get the list of roles assigned to a particular group. For example send in

groupA

and get

[roleA, roleB, roleC]

. This requirement can have multiple use cases such as displaying the roles assigned to a group in the UI or for some business logic in the backend. We were hoping to get a recommendation from your team for an approach to get the list of roles by providing a particular group from keto or whether trying to list data from keto other than a permission check is an incorrect approach. We looked into the possibility of getting this information from the Query relationships API but we do have some concerns. 1. Can we use this list API in a production system with a high traffic load? 2. When considering the usage, performance and intended use of this API, is it a correct approach from a keto PoV to use the

Query relationships

API to list info? Thanks in advance!

alert-egg-84949

06/06/2023, 4:55 AM

Any one from the community who tried to implement something similar? How's your experience with the performance of the list APIs?

billions-evening-60046

06/07/2023, 8:27 AM

@steep-lamp-91158 We would be highly grateful if you could provide an insight to this issue that we are trying to resolve. Thanks in advance!

13 Views

Open in Slack

Previous Next