many-dawn-19625
06/24/2025, 5:48 PMbrief-egg-61061
06/24/2025, 5:48 PMbrief-egg-61061
06/24/2025, 5:48 PMmany-dawn-19625
06/24/2025, 5:48 PMbrief-egg-61061
06/24/2025, 5:48 PMbrief-egg-61061
06/24/2025, 5:48 PMmany-dawn-19625
06/25/2025, 4:45 AMbrief-egg-61061
06/25/2025, 4:45 AMbrief-egg-61061
06/25/2025, 4:45 AM/admin/relation-tuples
with a JSON payload that includes: 1. First, a delete action for the existing relationship 2. Then, an insert action for the new relationship json [ { "action": "delete", "relation_tuple": { "namespace": "Project", "object": "project_number_2", "relation": "viewer", "subject_id": "mamma" } }, { "action": "insert", "relation_tuple": { "namespace": "Project", "object": "project_number_2", "relation": "owner", "subject_id": "mamma" } } ]
## Using Ory CLI If you're using the Ory CLI with Ory Network, you can use the following approach: bash # Create a JSON file with the patch operations echo '[ { "action": "delete", "relation_tuple": { "namespace": "Project", "object": "project_number_2", "relation": "viewer", "subject_id": "mamma" } }, { "action": "insert", "relation_tuple": { "namespace": "Project", "object": "project_number_2", "relation": "owner", "subject_id": "mamma" } } ]' > patch.json # Apply the patch ory patch relation-tuples --project <project-id> --workspace <workspace-id> --file patch.json
Note that according to a GitHub issue comment, there's an inconsistency in the API where you might not be able to use the DELETE endpoint to remove relation tuples in some cases, but the PATCH endpoint works reliably for both adding and removing relationships [Github Issue (open): OPL traverse.(...) not working](https://github.com/ory/keto/issues/1330). This approach ensures atomicity - either both operations succeed or both fail, maintaining consistency in your permission system.many-dawn-19625
06/25/2025, 4:46 AM{
"action": "delete",
"relation_tuple": {
"namespace": "Project",
"object": "project_number_2",
"relation": "viewer",
"subject_id": "mamma"
}
},
brief-egg-61061
06/25/2025, 4:46 AMbrief-egg-61061
06/25/2025, 4:46 AMGET /relation-tuples
endpoint to query for the specific relationship: GET /relation-tuples?namespace=Project&object=project_number_2&relation=viewer&subject_id=mamma
This will return all relationships matching these parameters [Ory API Reference](https://raw.githubusercontent.com/ory/docs/master/docs/reference/api.json). ## Using the Ory CLI bash ory list relationships \ --namespace Project \ --object project_number_2 \ --relation viewer \ --subject-id mamma
Or with the older command format: bash ory list relation-tuples \ --namespace Project \ --object project_number_2 \ --relation viewer \ --subject-id mamma
[Ory CLI Documentation](https://www.ory.sh/docs/cli/ory-list-relationships) ## Using Keto CLI (if using standalone Keto) bash keto relation-tuple get \ --namespace Project \ --object project_number_2 \ --relation viewer \ --subject-id mamma
[Keto CLI Documentation](https://www.ory.sh/docs/keto/cli/keto-relation-tuple-get) The response will include the relationship details in a format similar to: json { "relation_tuples": [ { "namespace": "Project", "object": "project_number_2", "relation": "viewer", "subject_id": "mamma" } ], "next_page_token": "" }
You can use this to verify the relationship exists before attempting to delete it or modify it. Would you like more information about any of these methods?many-dawn-19625
06/25/2025, 4:47 AMbrief-egg-61061
06/25/2025, 4:47 AMbrief-egg-61061
06/25/2025, 4:48 AMbash ory list relationships \ --namespace Project \ --object project_number_2 \ --subject-id mamma
This command will list all relationships between the subject "mamma" and the object "project_number_2" in the "Project" namespace, regardless of what the relation value is [Ory CLI Documentation](https://www.ory.sh/docs/cli/ory-list-relationships). ## Using the REST API GET /relation-tuples?namespace=Project&object=project_number_2&subject_id=mamma
This query will return all relationships matching these parameters without specifying the relation [Ory API Reference](https://raw.githubusercontent.com/ory/docs/master/docs/reference/api.json). Once you have the results, you can see what relation types exist (viewer, owner, editor, etc.) and then proceed with your patch operation to modify the relationship as needed. Thank you for pointing this out, and I apologize for the confusion in my previous response.