Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi! I'm new to authz and I am investigating keto for our use-case. We need to establish multi-tenancy so that our business partners don't have access to each others' datasets. However, some datasets are available to the public.

Is there a way to express that the public can read from certain datasets? (Without adding each member of the public to the "public" group.)

```bucket:free_data#viewer@(group:public#member)```
For now, I'm using the `*` user -- like in the quickstart -- and doing two checks: one with a UUID associated with their email address and another with `*`  and ORing the results. Seems a bit awkward? Is that the idiomatic usage?

The `*` user and ORing two checks is a valid workaround until <https://github.com/ory/keto/issues/263> is implemented.

Regarding multi-tenancy, have a look at <https://www.ory.sh/kratos/docs/guides/multi-tenancy-multitenant/>
The same applies to Keto :wink:

Alternatively, we are currently working on adding Keto to Ory Cloud. There you can configure one for each customer, also over automation.
If you are interested in that, <@U011D3UQKNY> can give you some details