I’ve struggling to setup my roles and policies correctly to achieve my goal. My understanding is as follows.
- Create a role
- Add members to role
- Created a policy with subject set to roleId
Now my issue
- Call the “allowed API”
Where do I include member id?
When I call the API with the subject being equal to the roleId, it is never checking the member id.
Does this mean before calling the “allowed API”, I first need to call “GET role API” to see if the user has the role?
I was under the impressed this would be apart of Keto, as it seems counter intuitive for me to responsible for this.
Many thanks in advance,