https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> how to use wildcard subject id on...
# ory-copilot
i
@chilly-king-10285 how to use wildcard subject id on the Ory Keto
b
A message from kapa.ai
In Ory Keto, you can use a wildcard subject ID to represent any user, including anonymous users. This is particularly useful when you want to grant certain permissions to all users. However, it's important to note that Ory Keto doesn't interpret this subject any differently from other subjects. Here's an example from the [Cat Videos Quickstart Guide](https://www.ory.sh/docs/keto/quickstart) where the 
*
user ID is used to represent any user:
Copy code
json {   "namespace": "videos",   "object": "cats",   "relation": "view",   "subject_id": "*" }
In this example, the 
*
subject ID is granting view access to the "cats" video to all users. Remember, the application interacting with Keto (the Keto client) is responsible for interpreting the special 
*
user ID as any user. Ory Keto itself doesn't know anything about this special interpretation.
i
Copy code
version: v0.12.0

log:
  level: debug

namespaces:
  - name: roles
    id: 1
  - name: resources
    id: 2
  
  

serve:
  read:
    host: 0.0.0.0
    port: 4466
  write:
    host: 0.0.0.0
    port: 4467
this is my keto config and below are my all relation tuples.
Copy code
{
  "relation_tuples": [
    {
      "namespace": "roles",
      "object": "design_admin",
      "relation": "member",
      "subject_id": "<mailto:at@mt.com|at@mt.com>"
    },
    {
      "namespace": "roles",
      "object": "admin",
      "relation": "member",
      "subject_id": "<mailto:sd@mt.com|sd@mt.com>"
    },
    {
      "namespace": "resources",
      "object": "shop",
      "relation": "access",
      "subject_id": "*"
    },
    {
      "namespace": "resources",
      "object": "designer_portal",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "admin",
        "relation": "member"
      }
    },
    {
      "namespace": "resources",
      "object": "admin_portal",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "admin",
        "relation": "member"
      }
    },
    {
      "namespace": "roles",
      "object": "design_admin",
      "relation": "member",
      "subject_id": "<mailto:ab@mt.com|ab@mt.com>"
    },
    {
      "namespace": "resources",
      "object": "designer_portal",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "design_admin",
        "relation": "member"
      }
    },
    {
      "namespace": "resources",
      "object": "shop",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "admin",
        "relation": "member"
      }
    },
    {
      "namespace": "roles",
      "object": "admin",
      "relation": "member",
      "subject_id": "<mailto:dp@mt.com|dp@mt.com>"
    },
    {
      "namespace": "resources",
      "object": "shop",
      "relation": "access",
      "subject_set": {
        "namespace": "roles",
        "object": "design_admin",
        "relation": "member"
      }
    }
  ],
  "next_page_token": ""
}
but when I try to access the with subject_id as any_subject_id it returns false
23 Views
Open in Slack
PreviousNext
Powered by