Hi, I'm trying to evaluate Keto as a FGA solution. This is my permission rules and I've shared my relationships below. I'm trying to see all

Positions

that a subject can see. When I provide a subject ID in the GET /relationship-tuples request, it doesn't respect this field. Am I doing something wrong? I would expect the response to be empty given that the subject_id

test

does not have a relationship to any of the namespaces

import { Namespace, SubjectSet, Context } from "<@U010S8T03NG>/permission-namespace-types"

class User implements Namespace { }

class Position implements Namespace { 
  related: {
    manager: Position[]
    viewers: User[]
  }
  permits = {
    view: (ctx: Context): boolean =>
      this.related.viewers.includes(ctx.subject) || 
      this.related.manager.traverse(p => p.permits.view(ctx))
  }
}

class Req implements Namespace {
  related: {
    positions: Position[]
  }
}

class SensitiveFields implements Namespace {
  related: {
    positions: Position[]
  }
}

Hey Owen, the Ory Keto API allows you to query relationships by providing a partial relationship. The

GET /relation-tuples

endpoint requires the namespace field and other fields like

object

,

relation

,

subject_id

are optional. If you are not getting the expected results, it could be due to the way the query is structured or the relationships that are currently defined in your system. Here is an example of how you can use the

GET /relation-tuples

endpoint to query relationships:

GET /relation-tuples?namespace=your_namespace&subject_id=your_subject_id

This will return all relationships that match the query. If the

subject_id

does not have a relationship to any of the namespaces, the response will indeed be empty. If you are still facing issues, I would recommend checking the relationships that are currently defined in your system. Happy to take a closer look next week. Can you tell me a bit more about the “highlevel” use case?