purple-activity-8730
11/03/2021, 12:14 PMread
write
delete
or update
policies for particular operations on the docs. For ex, in order to delete a doc called temp_doc.txt
, you need temp_doc.txt#delete@<user_id>
.
• Also, the admin should do all of these operations like *#*@(members:admin#member
which implies that the admin can do any
action on any
object.
• So that, if the admin wants to read this temp_doc.txt
, temp_doc.txt#read@<admin_id>
should return true.
However, I couldn't find a way to design this system. Does anyone have experience of Keto usage similar to this?
Thanks in advance!steep-lamp-91158
temp_doc.txt#delete@(admin#member)
which is not ideal, but that's why it is called "workaround"
an admin is then added as admin#member@<some-id>
purple-activity-8730
11/03/2021, 12:53 PMsteep-lamp-91158