keto
Batch check request
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
In some cases it makes sense to do multiple checks at the same time. This can be used e.g. to create a list of all permissions for the UI, or similar things.
Describe your ideal solution
We can provide a batch check API. It would make sense especially for cases where subjects and/or objects are the same, so that we can reuse already done queries internally.
Workarounds or alternatives
Doing multiple check requests. This has the overhead of the transport, as well as reduced performance optimization possibilities.
Version
all
Additional Context
No response
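The workaround named in the issue, one check request per tuple, sketched as a client-side helper. This is an added example, not code from Keto or from anyone in this thread; `Tuple`, `BatchCheck` and the injected `check` function are hypothetical names, and `check` stands in for a single Keto check call so the block runs offline on constructed data.

```go
package main

import (
	"fmt"
	"sync"
)

// Tuple is one question: does Subject have Relation on Object in Namespace?
type Tuple struct{ Namespace, Object, Relation, Subject string }

// BatchCheck (hypothetical helper) deduplicates tuples, runs at most workers
// calls of check (one Keto request each) at once, and fails closed on errors.
func BatchCheck(check func(Tuple) (bool, error), tuples []Tuple, workers int) map[Tuple]bool {
	if workers < 1 {
		workers = 1
	}
	seen, out := make(map[Tuple]bool), make(map[Tuple]bool)
	var mu sync.Mutex
	var wg sync.WaitGroup
	sem := make(chan struct{}, workers)
	for _, t := range tuples {
		if seen[t] {
			continue // identical question already scheduled
		}
		seen[t] = true
		wg.Add(1)
		sem <- struct{}{}
		go func(t Tuple) {
			defer func() { <-sem; wg.Done() }()
			ok, err := check(t)
			mu.Lock()
			out[t] = err == nil && ok // an error never becomes "allowed"
			mu.Unlock()
		}(t)
	}
	wg.Wait()
	return out
}

func main() {
	// Constructed stand-in for the Keto call: object d2 simulates a timeout.
	fake := func(t Tuple) (bool, error) {
		if t.Object == "d2" {
			return true, fmt.Errorf("timeout")
		}
		return t.Relation == "view", nil
	}
	d1, d2 := Tuple{"datasets", "d1", "view", "alice"}, Tuple{"datasets", "d2", "view", "alice"}
	fmt.Println(BatchCheck(fake, []Tuple{d1, d1, d2}, 4))
}
```

The transport overhead the issue describes remains, since each unique tuple is still one request; the helper only bounds concurrency, removes duplicate questions and keeps a failed request from being read as a grant.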
This would help me and my team with the product we are building. We have paginated endpoints that return lists of resources that are sorted and filtered via Mongo queries. Afterwards, we would like to check the user permissions of all items in the page, but at the moment we are forced to do a separate check per item. Implementing this would allow us to only call the API once and speed things up.
That feature would help my team. We have a feature store and a complex data system, and we are in the process of making this a platform beyond internal company usage for data science, as a product (external usage). At some point we have to list a catalog of the datasets that the user has access to. We have 1000+ datasets.
I thought initially that we could do something similar with keto using `GET /relation-tuples/expand` or `GET /relation-tuples` by querying with a fixed `namespace` and `subject_id`, but to my surprise it didn't do what I expected.
Or the ability to `expand` without setting `relation` would help too. The case is that the UI depends on the current permit, and in our case it causes 8 checks, i.e. does the user have the xxx permit, does the token have the xxx permit, where xxx = list[view, edit, build, own].
We are encountering a similar issue where we need to send multiple check requests to keto. It would be more efficient to have a batch request in order to reduce the transport overhead.
Yes, I very much wish this feature would be implemented eventually.
Regards, Manoel Vilela.
On Thu, Jun 8, 2023 at 01:42, Thilina Shashimal Senarath <@.***> wrote:
> We are encountering a similar issue where we need to send multiple check requests to keto. It would be more efficient to have a batch request in order to reduce the transport overhead.
Can we introduce a batch operation endpoint (both gRPC and REST) that allows us to send multiple tuples for the check with a single request?
I'm running into the same requirement of having a dynamic UI based on the permissions, at the moment I'm forced to check permissions one by one.