Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

A question for you <@U05AK2FG12Q> (or anyone else): have you figured out exactly how to “ask Keto for the list of all documents a user has access to”? I’m searching through the API and can’t see a way to ask this question

The question I _really_ want to ask is along the lines of “what documents in container X does user Y have access to?” but can’t find any mechanism to do thatf

I haven’t yet, but <https://ory-community.slack.com/archives/C012RBZFMDG/p1682087145093039|this thread> doesn’t sound promising

I’m trying to figure this out as well. But seems like it will require a lot of glue code and context on how permission was modelled.

To my knowledge (and i hope i’m wrong), it seems like we’re only able to query for `relation` part of the permission model.  If you have complex `permits` that involve `subject-set` or `recursive relation` , then it is on you to glue it up.

How i wish there is a straightforward way to do this. But for now, the only solution i can think of is to restrict usage of `subject-set`  and model `permits` in a way that is as close as `relation`.