Keto RBAC - Roles and members - concept misunderstanding

I’ve been struggling to set up my roles and policies correctly to achieve my goal. My understanding is as follows.

  1. Create a role
  2. Add members to role
  3. Create a policy with subject set to roleId

Now my issue

  1. Call the “allowed API”

Where do I include member id?

When I call the API with the subject being equal to the roleId, it is never checking the member id.

Does this mean before calling the “allowed API”, I first need to call “GET role API” to see if the user has the role?

I was under the impression this would be a part of Keto, as it seems counterintuitive for me to be responsible for this.

Many thanks in advance,
Aaron

Are you still stuck on this? Adding a member to a role means you can just pass the role ID to the Allowed API. No need to pass the member subject directly.

Keto will know that the subject is a member of that role.

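To make the reply concrete, here is an added toy model of how an ACP-style engine resolves a caller's role memberships inside the allowed check. It is not Keto's code or API; the engine class, the `role:`/`user:` identifier scheme and the sample roles, members and policies are constructed for this illustration. The point it shows: you pass the member's own subject to the allowed check, the engine expands that subject to every role it belongs to, and a policy whose subject is the role id then matches. It also shows the edge case from the question: passing the role id itself as the subject matches the policy without any membership lookup, so that call says nothing about whether a particular user holds the role.

```python
"""Toy model of role-based policy evaluation (added illustration, not Keto's code).

Assumed conventions: subjects are strings such as "user:alice" or
"role:editors"; matching is exact; a deny policy overrides any allow.
"""
from dataclasses import dataclass, field


@dataclass
class Role:
    id: str
    members: set = field(default_factory=set)


@dataclass
class Policy:
    id: str
    subjects: list       # member subjects and/or role ids
    resources: list
    actions: list
    effect: str          # "allow" or "deny"


class ToyAcpEngine:
    """Holds roles, role members and policies, and answers allowed checks."""

    def __init__(self):
        self.roles = {}
        self.policies = []

    def create_role(self, role_id):
        self.roles[role_id] = Role(role_id)

    def add_members(self, role_id, members):
        self.roles[role_id].members.update(members)

    def create_policy(self, policy):
        self.policies.append(policy)

    def subjects_for(self, subject):
        """Expand a subject to itself plus every role it is a member of.

        This is the step the question asks about: membership is resolved
        here, inside the engine, not by the caller before the check."""
        expanded = {subject}
        for role in self.roles.values():
            if subject in role.members:
                expanded.add(role.id)
        return expanded

    def allowed(self, subject, resource, action):
        """Return True if some allow policy matches and no deny policy does."""
        expanded = self.subjects_for(subject)
        decision = False
        for p in self.policies:
            if not expanded.intersection(p.subjects):
                continue
            if resource not in p.resources or action not in p.actions:
                continue
            if p.effect == "deny":
                return False          # deny wins over any allow
            decision = True
        return decision


def demo():
    """Constructed sample data: one role, one member, one allow and one deny policy."""
    engine = ToyAcpEngine()
    engine.create_role("role:editors")
    engine.add_members("role:editors", {"user:alice"})
    # Policy subject is the role id, exactly as step 3 of the question describes.
    engine.create_policy(Policy("p-edit", ["role:editors"], ["docs:report"], ["write"], "allow"))
    # A deny on the role beats a direct allow for the same member.
    engine.create_policy(Policy("p-secret-deny", ["role:editors"], ["docs:secret"], ["read"], "deny"))
    engine.create_policy(Policy("p-secret-allow", ["user:alice"], ["docs:secret"], ["read"], "allow"))
    return {
        # Pass the member as subject; the engine finds the role for you.
        "member_via_role": engine.allowed("user:alice", "docs:report", "write"),
        # A user who is not a member of the role is refused.
        "non_member": engine.allowed("user:bob", "docs:report", "write"),
        # Passing the role id as the subject matches the policy directly and
        # checks no member at all, which is why it "never checks the member id".
        "role_id_as_subject": engine.allowed("role:editors", "docs:report", "write"),
        # Deny attached to the role overrides the member's direct allow.
        "deny_wins": engine.allowed("user:alice", "docs:secret", "read"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In practice the check that should guard a resource is `allowed(member_subject, resource, action)`; calling it with the role id as the subject only tells you what the role is permitted to do, not whether the caller holds it.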