RBAC or not and how to map it?


I wanted to implement a multi-tenant RBAC.

  • A subject has one or many roles on resources.
  • The resources belong to the tenants.
  • A role is a set of permissions.

This is where I had a problem applying the concepts to the Keto ACP.

I thought of doing

Subject = Subject or Role
Action = Permission
Resource = tenant

In your model, a role is a set of subjects and not permissions.

So, how do I associate a subject with a role on a particular tenant without going down to the permission level in the definition of policies?

Thank you

If you want to model only roles -> permissions, simply use a wildcard for the resource!
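
An added example, not part of the thread and not Keto's own code: a simplified Python model of subject/action/resource policies in which a role is a set of subjects. It contrasts a wildcard resource with a tenant-prefixed resource pattern; the role ids, the resource naming scheme and the fnmatch-based matcher are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample data; all ids are hypothetical. A role is a set of
# subjects, and the tenant is encoded in the role id and the resource name.
ROLES = {
    "role:tenant-a:editor": {"alice"},
    "role:tenant-b:viewer": {"alice", "bob"},
}
# Role -> permissions with a wildcard resource, as the reply suggests.
WILDCARD_POLICIES = [
    {"subjects": ["role:tenant-a:editor"], "actions": ["read", "write"],
     "resources": ["*"], "effect": "allow"},
    {"subjects": ["role:tenant-b:viewer"], "actions": ["read"],
     "resources": ["*"], "effect": "allow"},
]
# Same roles, but each policy's resource pattern is pinned to its tenant.
SCOPED_POLICIES = [
    {"subjects": ["role:tenant-a:editor"], "actions": ["read", "write"],
     "resources": ["tenant-a:*"], "effect": "allow"},
    {"subjects": ["role:tenant-b:viewer"], "actions": ["read"],
     "resources": ["tenant-b:*"], "effect": "allow"},
]

def _matches(patterns, value):
    # Assumption: fnmatch globbing stands in for the policy engine's matcher.
    return any(fnmatchcase(value, p) for p in patterns)

def principals(subject, roles):
    """The subject plus every role id that lists it as a member."""
    return {subject} | {rid for rid, members in roles.items() if subject in members}

def is_allowed(subject, action, resource, policies, roles=ROLES):
    """Default deny; an explicit deny overrides any matching allow."""
    who = principals(subject, roles)
    allowed = False
    for p in policies:
        if not (any(_matches(p["subjects"], s) for s in who)
                and _matches(p["actions"], action)
                and _matches(p["resources"], resource)):
            continue
        if p["effect"] == "deny":
            return False
        allowed = True
    return allowed
```

With the wildcard policies, bob's viewer role on tenant-b also lets him read `tenant-a:doc1`; with the scoped policies the same request is denied.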