|
|
|
|
|
|
by jschorr
1720 days ago
|
|
|
Disclosure: I'm also a founder of Authzed The information you are describing can be retrieved via the Expand API [0], which returns a tree containing all of the relationships that are reachable from a permission, as well as how they were reached. For example, if you have a schema with a permission like so: definition resource {
relation parent: resource
relation writer: user
relation reader: user
permission view = reader + writer + parent->view
}
An ExpandPermissionTree call for the permission `view` on a resource will return a tree that contains the users with view access to that resource, each set of users placed under `reader` or `writer` with a reference to the containing resource, so you know how a user was granted the `view` permission.[0]: https://buf.build/authzed/api/docs/main/authzed.api.v1#Expan... |
|
|