I’ve been struggling to set up my roles and policies correctly to achieve my goal. My understanding is as follows.
- Create a role
- Add members to role
- Create a policy with subject set to roleId
Now my issue:
- Call the “allowed API”
Where do I include member id?
When I call the API with the subject equal to the roleId, it never checks the member id.
Does this mean before calling the “allowed API”, I first need to call “GET role API” to see if the user has the role?
I was under the impression this would be a part of Keto, as it seems counterintuitive for me to be responsible for this.
Many thanks in advance,
Aaron