``` relation tuples namespace roles object design admin rela Ory Community #ory-selfhosting

```{ "relation_tuples": [ { ...

incalculable-arm-99332

09/30/2024, 2:20 PM

Copy code

{
  "relation_tuples": [
    {
      "namespace": "roles",
      "object": "design_admin",
      "relation": "member",
      "subject_id": "<mailto:at@mt.com|at@mt.com>"
    },
    {
      "namespace": "roles",
      "object": "admin",
      "relation": "member",
      "subject_id": "<mailto:sd@mt.com|sd@mt.com>"
    },
    {
      "namespace": "resources",
      "object": "shop",
      "relation": "access",
      "subject_id": "*"
    },
    {
      "namespace": "resources",
      "object": "designer_portal",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "admin",
        "relation": "member"
      }
    },
    {
      "namespace": "resources",
      "object": "admin_portal",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "admin",
        "relation": "member"
      }
    },
    {
      "namespace": "roles",
      "object": "design_admin",
      "relation": "member",
      "subject_id": "<mailto:ab@mt.com|ab@mt.com>"
    },
    {
      "namespace": "resources",
      "object": "designer_portal",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "design_admin",
        "relation": "member"
      }
    },
    {
      "namespace": "resources",
      "object": "shop",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "admin",
        "relation": "member"
      }
    },
    {
      "namespace": "roles",
      "object": "admin",
      "relation": "member",
      "subject_id": "<mailto:dp@mt.com|dp@mt.com>"
    },
    {
      "namespace": "resources",
      "object": "shop",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "design_admin",
        "relation": "member"
      }
    }
  ],
  "next_page_token": ""
}

I am using ORY Keto for access control, as I have added a relation tuple with wildcard char. it should allow any subject id to acess the shop.

Copy code

{
  "namespace": "resources",
  "object": "shop",
  "relation": "access",
  "subject_id": "*"
}

Copy code

curl --location '<http://localhost:4466/relation-tuples/check>' \
--header 'Content-Type: application/json' \
--data '{
        "namespace": "resources",
        "object": "shop",
        "relation": "access",
        "subject_id": "any_subject_id"
}'

it returns false, which should not ideally right.

Copy code

{
  "allowed": false
}

Is there something wrong I am doing with subject_id. as when I am trying to hit the check api.

4 Views

Open in Slack

Previous Next