Yes, you can delete multiple relationships with one request in Ory. This can be done using the

DELETE /admin/relation-tuples

endpoint. However, you need to be authenticated by means of one of the following methods:

oryAccessToken

. The parameters for this request include: - `namespace`: Namespace of the Relationship - `object`: Object of the Relationship - `relation`: Relation of the Relationship - `subject_id`: SubjectID of the Relationship - `subject_set.namespace`: Namespace of the Subject Set - `subject_set.object`: Object of the Subject Set - `subject_set.relation`: Relation of the Subject Set All these parameters are optional and are of type string. Please note that the

DeleteRelationTuplesRequest.Query

field is deprecated and the

relation_query

field should be used instead. For more details, you can refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and the [Keto API Reference](https://www.ory.sh/docs/keto/reference/proto-api#deleterelationtuplesrequest).

The

DELETE /admin/relation-tuples

endpoint in Ory does not typically accept a request body. Instead, the details of the relationships to be deleted are provided as query parameters in the URL. Based on the information you provided, your DELETE request URL might look something like this:

DELETE /admin/relation-tuples?namespace=data-reference-app&object=country&relation=delete&subject_set.namespace=data-reference-app&subject_set.object=superuser&subject_set.relation=member

This request would delete the relationship where the namespace is "data-reference-app", the object is "country", the relation is "delete", and the subject set is defined by the namespace "data-reference-app", the object "superuser", and the relation "member". Please note that the actual implementation might vary depending on the specifics of your setup and the Ory version you are using. For more details, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and the [Keto API Reference](https://www.ory.sh/docs/keto/reference/proto-api#deleterelationtuplesrequest).

If you need to delete hundreds of relations, it might not be practical to specify all of them as query parameters in a single request due to URL length limitations. In such cases, you might need to make multiple DELETE requests, each specifying a subset of the relations to be deleted. Alternatively, you can use the

keto relation-tuple delete-all

command from the Ory Keto CLI. This command deletes all relationships matching the relation query. However, it is recommended to first run the command without the

--force

flag to verify that the operation is safe. Here is the command:

keto relation-tuple delete-all [flags]

And the options:

--authority string Set the authority header for the remote gRPC server.    --block Block until the connection is up.    --force Force the deletion of relationships    --format string Set the output format. One of table, json, yaml, json-pretty, jsonpath and jsonpointer. (default "default")    -h, --help help for delete-all    --insecure-disable-transport-security Disables transport security. Do not use this in production.    --insecure-skip-hostname-verification Disables hostname verification. Do not use this in production.    --namespace string Set the requested namespace    --object string Set the requested object    -q, --quiet Be quiet with output printing.    --read-remote string Remote address of the read API endpoint. (default "127.0.0.1:4466")    --relation string Set the requested relation    --subject-id string Set the requested subject ID    --subject-set string Set the requested subject set; format: "namespace:object#relation"    --write-remote string Remote address of the write API endpoint. (default "127.0.0.1:4467")

For more details, please refer to the [Keto CLI Reference](https://www.ory.sh/docs/keto/cli/keto-relation-tuple-delete-all#keto-relation-tuple-delete-all).

Yes, you can send HTTP requests to your Ory Keto server running in a Kubernetes cluster. However, you need to ensure that you have the correct access permissions and the server is exposed to receive external requests. The HTTP request would be similar to the one used for a local server, but the URL would point to the remote server instead of localhost. For example, if your remote server is accessible at

<http://my-remote-keto-server.com>

, your DELETE request might look like this:

DELETE <http://my-remote-keto-server.com/admin/relation-tuples?namespace=data-reference-app&object=country&relation=delete&subject_set.namespace=data-reference-app&subject_set.object=superuser&subject_set.relation=member>

Please note that the actual URL and method to access your remote server might vary depending on your specific Kubernetes setup and how you have configured your services and ingress rules. For more details on how to interact with Ory Keto, you can refer to the [Ory Keto API Reference](https://www.ory.sh/docs/keto/reference/proto-api#deleterelationtuplesrequest). If you need help with Kubernetes, the [Kubernetes documentation](https://kubernetes.io/docs/home/) is a good resource.

To delete all relation tuples using an HTTP request, you would use the

DELETE /admin/relation-tuples

endpoint with the

--all

flag. However, the HTTP API does not directly support the

--all

flag like the CLI does. In the HTTP API, you would typically specify the details of the relationships to be deleted as query parameters in the URL. If you want to delete all relation tuples, you might need to omit these parameters, but the exact behavior can depend on your specific setup and the Ory version you are using. Please note that deleting all relation tuples is a significant operation that can have wide-ranging effects, so it should be done with caution. It's recommended to first run a GET request on the

/admin/relation-tuples

endpoint to verify the tuples that would be deleted. For more details, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and the [Keto API Reference](https://www.ory.sh/docs/keto/reference/proto-api#deleterelationtuplesrequest).

Yes, you can use the Ory Keto API to get a list of all objects a user has access to. In your case, you can use the

keto relation-tuple get

command to get all groups for a user. Here is an example command:

bash keto relation-tuple get --subject-id="<mailto:x@y.com|x@y.com>" --relation=member --format json --read-remote localhost:4466

This command will return a list of all objects that the user with the ID

<mailto:x@y.com|x@y.com>

has access to. Please note that you need to replace

localhost:4466

with the address of your Ory Keto server if it's running remotely. For more details, please refer to the [Ory Keto Documentation](https://www.ory.sh/docs/keto/guides/rbac#display-all-objects-a-user-has-access-to).

The

GET /relation-tuples

request does not typically require a request body. Instead, you provide the details of the relationships you want to get as query parameters in the URL. Here is an example of how you might structure the URL with query parameters:

GET <http://localhost:4466/relation-tuples?namespace=data-reference-app&object=country&relation=read>

This request would get the relationship where the namespace is "data-reference-app", the object is "country", and the relation is "read". Please note that the actual URL and parameters might vary depending on your specific setup and the Ory version you are using. For more details, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and the [Keto API Reference](https://www.ory.sh/docs/keto/reference/rest-api).