Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Sorry to steal the thread, how do you check users have access to a resource in this case, as your policies are based on: organizations and permissions, and does not contain user ids?  :ghost:

I just didn't mention other policies here

I see, so I guess you (in addition) would have something along the lines of:

organizations:bmw#viewer@john