-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ListUsers #16
Comments
@alee792, @mountainerd, @shivaKhat23, @xXAvoraXx Do you have concrete use cases for when would you use this API? |
|
Absent of an SDK that can do some local evaluation of an auth model, I'd use a capability like that to pull authorized users into memory to evaluate on an API endpoint or as some middleware for local evaluation instead of calling out to the API for the evaluation. |
I haven't experienced a use case yet, but it looks like the opposite of listobjects. |
@aaguiarz I ended up implementing a similar endpoint for Basically I have some data sources that do not provide change notifications. These data sources generally represent a fixed type of tuple where ObjectType, Relation and UserType as fixed. To be able to sync these data sources with OpenFGA tuples, I have built a list-users endpoint that will then be used to sync (i.e. delete, add) tuples. It would be great if this is supported in OpenFGA natively. |
Stumbled across this thread from #33 |
We've previously implemented this by exploring the sub-graphs we receive from the This works fine for now, in particular because we need the direct relation anyways. Consider the following simplified model:
If we want to display all members with access to an organization, we could check for |
Good news all – we've experimentally released the ListUsers API with the v1.5.4-rc1 release candidate! This feature can be enabled by passing the We hope you give it a go and provided feedback! |
@willvedd can you confirm the environmental variable format to enable this through docker compose. |
@avinashs433 under |
Thanks. Is there a way to determine if the user is a direct assignee of a role or not ? In order for me to allow unassignment from the administrator role. Example: |
@avinashs433 would this suffice for you? It's how we're currently pulling direct relations on specific objects to get users for permissions presentation to users: |
Why I gave this error ? this api reference has 2 elements in the array but when I use 2 elements I get the following error. https://openfga.dev/api/service#/Relationship%20Queries/ListUsers
|
Hi @xXAvoraXx, while we designed the API to support an array for future iterations and improvements, currently it requires a single element in the user_filters, anything more or less will return an error |
In the same way we provide a ListObjects endpoint that list all resources for a specific user & relation, We should provide a way to list which users have a specific relationship with a specific resource, for example:
const response = await fgaClient.listUsers({
object: "document:pricing",
relation: "reader",
type: "document"
});
// returns response.users : ["user:jon", "user:maria"]
There's a PR for the RFC here.
The text was updated successfully, but these errors were encountered: