https://www.ory.sh/ logo
#talk-keto
Title
# talk-keto
p

purple-activity-8730

11/03/2021, 12:14 PM
Hi everyone, I am currently using v0.6, and I guess there are no wildcards in v0.6. I would like to utilize a wildcard for the following scenario: • The app consists of multiple domain-related objects (let's say text files). • You need
read
write
delete
or
update
policies for particular operations on the docs. For ex, in order to delete a doc called
temp_doc.txt
, you need
temp_doc.txt#delete@<user_id>
. • Also, the admin should do all of these operations like
*#*@(members:admin#member
which implies that the admin can do
any
action on
any
object. • So that, if the admin wants to read this
temp_doc.txt
,
temp_doc.txt#read@<admin_id>
should return true. However, I couldn't find a way to design this system. Does anyone have experience of Keto usage similar to this?  Thanks in advance!
s

steep-lamp-91158

11/03/2021, 12:51 PM
So what you called wildecard will be subject set rewrites: https://github.com/ory/keto/issues/263 Currently you can workaround that by adding for each permission a tuple like
temp_doc.txt#delete@(admin#member)
which is not ideal, but that's why it is called "workaround" an admin is then added as
admin#member@<some-id>
🙌 1
p

purple-activity-8730

11/03/2021, 12:53 PM
Thanks @steep-lamp-91158 👍
s

steep-lamp-91158

11/03/2021, 12:57 PM
sure, np