brash-cartoon-33648
01/16/2023, 1:05 PM
Resource > Role (> Role) > User, it doesn't seem to work. Any ideas why? I've been following the guides so far
Query:
{
  "subject_set": {
    "namespace": "User",
    "object": "admin"
  },
  "namespace": "Resource",
  "object": "pgweb",
  "relation": "access"
}
Namespaces:
/**
 * "User" represents a user in the system.
 */
class User implements Namespace {}

/**
 * "Role" represents a role.
 * - Each role can be assigned members either directly,
 *   or indirectly through inheritance from other roles.
 * - Roles can be used to provide access to resources.
 */
class Role implements Namespace {
  related: {
    members: (User | Role)[]
  }
}

/**
 * "Resource" represents any resource that requires access in the system.
 */
class Resource implements Namespace {
  related: {
    parents: (Resource)[]
    // All members of the list of roles have access.
    access: (User | SubjectSet<Role, "members">)[]
  }
  permits = {
    access: (ctx: Context): boolean =>
      this.related.access.includes(ctx.subject) ||
      this.related.parents.traverse((p) => p.permits.access(ctx)),
  }
}
Tuples:
[
  {
    "namespace": "Role",
    "object": "administrator",
    "relation": "members",
    "subject_set": {
      "namespace": "User",
      "object": "admin"
    }
  },
  {
    "namespace": "Role",
    "object": "postgres-admin",
    "relation": "members",
    "subject_set": {
      "namespace": "Role",
      "object": "administrator"
    }
  },
  {
    "namespace": "Resource",
    "object": "pgweb",
    "relation": "access",
    "subject_set": {
      "namespace": "User",
      "object": "admin"
    }
  },
  {
    "namespace": "Resource",
    "object": "pgweb",
    "relation": "access",
    "subject_set": {
      "namespace": "Role",
      "object": "postgres-admin"
    }
  }
]