The most scalable and customizable permission server on the market. Fix your slow or broken permission system with Google's proven "Zanzibar" approach. Supports ACL, RBAC, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
groups:readers#owner@user1
groups:readers#member@user2
files:foo.txt#access@groups:readers# (subset with empty relation, regardless of relation all should have access)
On version v0.8.0, the following check returns {allowed:true}
curl -X GET "http://127.0.0.1:4466/check?namespace=files&object=foo.txt&relation=access&subject_id=user1"
However, the same check on v0.11.1-alpha.0 returns {allowed:false}
curl -X GET "http://127.0.0.1:4466/relation-tuples/check?namespace=files&object=foo.txt&relation=access&subject_id=user1"
Reproducing the bug
Spin a keto container version v0.8.0 connected to another container running mysql db
Run the curl command to create the two tuples mentioned above
Run the v0.8.0 respective check curl, it should return {allowed:true}
Redeploy the keto container with v0.11.1-alpha.0
Run the migrations
Run the v0.11.1-alpha.0 respective check curl, it will return {allowed:false}, expected to be {allowed:true} as in the v0.8.0
Relevant log output
No response
Relevant configuration
No response
Version
v0.11.1-alpha.0
On which operating system are you observing this issue?
Preflight checklist
Ory Network Project
No response
Describe the bug
For the following tuples:
On version v0.8.0, the following check returns {allowed:true}
curl -X GET "http://127.0.0.1:4466/check?namespace=files&object=foo.txt&relation=access&subject_id=user1"
However, the same check on v0.11.1-alpha.0 returns {allowed:false}
curl -X GET "http://127.0.0.1:4466/relation-tuples/check?namespace=files&object=foo.txt&relation=access&subject_id=user1"
Reproducing the bug
Relevant log output
No response
Relevant configuration
No response
Version
v0.11.1-alpha.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker Compose
Additional Context
No response