Keto RBAC - Roles and members - concept misunderstanding

I’ve been struggling to set up my roles and policies correctly to achieve my goal. My understanding is as follows.

  1. Create a role
  2. Add members to role
  3. Create a policy with subject set to roleId

Now my issue

  1. Call the “allowed API”

Where do I include the member id?

When I call the API with the subject being equal to the roleId, it is never checking the member id.

Does this mean before calling the “allowed API”, I first need to call “GET role API” to see if the user has the role?

I was under the impression this would be a part of Keto, as it seems counterintuitive for me to be responsible for this.

