https://authzed.com logo
hi team, have another quen: if I cerated schema as below: definition user {} caveat sre_role(role string) { role == 'sre' } definition organization { relation maintainer: user with sre_role permission admin = maintainer } then create a user as: .\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role' OR .\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role:{\"role\":\"sre\"}' **QUESN**: is there a diff between 2 ways, as both seems creating the record fine? now if I check on the user, I cannot check with sre_role; .\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"sre_role\":{\"role\":\"sre\"}}' ERR: WRN missing fields in caveat context fields=["role"] **QUESN**: how to check on a perticular Caveat? I am able to check correctly with: .\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"role\":\"sre\"}'
a

ab.sh.1010

03/30/2023, 4:18 PM
hi team, have another quen: if I cerated schema as below: definition user {} caveat sre_role(role string) { role == 'sre' } definition organization { relation maintainer: user with sre_role permission admin = maintainer } then create a user as: .\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role' OR .\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role:{\"role\":\"sre\"}' **QUESN**: is there a diff between 2 ways, as both seems creating the record fine? now if I check on the user, I cannot check with sre_role; .\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"sre_role\":{\"role\":\"sre\"}}' ERR: WRN missing fields in caveat context fields=["role"] **QUESN**: how to check on a perticular Caveat? I am able to check correctly with: .\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"role\":\"sre\"}'