https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> When inputing relationships in the ...
# ory-copilot
c
@chilly-king-10285 When inputing relationships in the Ory Console, how does the following tuple map to the 
Subject
, 
Relation
, and 
Object
inputs? 
reports:finance#view@(groups:finance#member)
Which of the parts of the above tuple are mapped to the 
Subject
, 
Relation
, and 
Object
inputs when using the Ory Console GUI to input Relationships?
b
A message from kapa.ai
The tuple 
reports:finance#view@(groups:finance#member)
represents a relationship in Ory. This tuple can be broken down into the following components: - 
reports:finance
is the 
Object
of the relationship. It represents the resource that you want to manage. In this case, it's the 
finance
report. - 
view
is the 
Relation
of the relationship. It represents the type of access or permission that the 
Subject
has on the 
Object
. In this case, it's 
view
access. - 
groups:finance#member
is the 
Subject
of the relationship. It represents the entity (user or group) that has the 
Relation
on the 
Object
. In this case, it's the 
member
of the 
finance
group. So, when inputting this relationship in the Ory Console, you would map the parts of the tuple to the 
Subject
, 
Relation
, and 
Object
inputs as follows: - `Subject`: 
groups:finance#member
- `Relation`: 
view
- `Object`: 
reports:finance
For more information on how to work with relationships in Ory, you can refer to the [Ory Documentation](https://www.ory.sh/docs/keto/concepts/relation-tuples).
c
@chilly-king-10285 How would Ory Keto interpret the following Relationship tuple: `Subject`: 
roles:admin#member
`Relation`: 
create
`Object`: 
IMGAPI:accounts
b
A message from kapa.ai
The relationship tuple you provided (`Subject`: 
roles:admin#member
, `Relation`: 
create
, `Object`: 
IMGAPI:accounts
) represents a specific access control rule in Ory Keto. Here's how Ory Keto would interpret it: - `Subject`: 
roles:admin#member
- This represents the entity (user or group) that has the 
Relation
on the 
Object
. In this case, it's the 
member
of the 
admin
role. - `Relation`: 
create
- This represents the type of access or permission that the 
Subject
has on the 
Object
. In this case, it's 
create
access. - `Object`: 
IMGAPI:accounts
- This represents the resource that you want to manage. In this case, it's the 
accounts
in 
IMGAPI
. So, this relationship tuple means that a member of the 
admin
role has 
create
access to 
accounts
in 
IMGAPI
. For more information on how to work with relationships in Ory Keto, you can refer to the [Ory Documentation](https://www.ory.sh/docs/keto/concepts/relation-tuples).
c
So 
role
needs to be created as a 
namespace
?
@chilly-king-10285
b
Sorry @careful-honey-27437, I'm not sure what you mean. Please try again. 👋
c
@chilly-king-10285 So 
role
needs to be created as its own 
namespace
?
b
A message from kapa.ai
Yes, in Ory Keto, 
role
would typically be created as its own namespace. Namespaces in Ory Keto are used to scope objects and subjects, and they contain rules that define which relationships are looked up as part of a permission check. For example, if you have a 
role
namespace, you could have objects like 
admin
, 
user
, 
guest
, etc., within that namespace. Then, you can define relationships between these roles (objects) and the subjects (users or groups) that have these roles. Here's an example of how you might define a 
role
namespace in your 
keto.yml
configuration file:
Copy code
yaml namespaces:     - id: 0       name: roles
For more information on namespaces in Ory Keto, you can refer to the [Ory Documentation](https://www.ory.sh/docs/keto/concepts/namespaces).
Open in Slack
PreviousNext
Powered by