hi team, have another quen: if I cerated schema as below:
definition user {}
caveat sre_role(role string) {
role == 'sre'
}
definition organization {
relation maintainer: user with sre_role
permission admin = maintainer
}
then create a user as:
.\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role' OR
.\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role:{\"role\":\"sre\"}'
**QUESN**: is there a diff between 2 ways, as both seems creating the record fine?
now if I check on the user, I cannot check with sre_role;
.\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"sre_role\":{\"role\":\"sre\"}}'
ERR: WRN missing fields in caveat context fields=["role"]
**QUESN**: how to check on a perticular Caveat?
I am able to check correctly with: .\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"role\":\"sre\"}'
a
ab.sh.1010
03/30/2023, 4:18 PMhi team, have another quen: if I cerated schema as below:
definition user {}
caveat sre_role(role string) {
role == 'sre'
}
definition organization {
relation maintainer: user with sre_role
permission admin = maintainer
}
then create a user as:
.\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role' OR
.\zed.exe relationship create organization:org1 maintainer user:eng2 --caveat 'sre_role:{\"role\":\"sre\"}'
**QUESN**: is there a diff between 2 ways, as both seems creating the record fine?
now if I check on the user, I cannot check with sre_role;
.\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"sre_role\":{\"role\":\"sre\"}}'
ERR: WRN missing fields in caveat context fields=["role"]
**QUESN**: how to check on a perticular Caveat?
I am able to check correctly with: .\zed.exe permission check organization:org1 maintainer user:eng2 --caveat-context '{\"role\":\"sre\"}'