Questions around User-Defined Roles

vladi

05/17/2023, 10:24 AM
hi, 2 questions on https://authzed.com/blog/user-defined-roles#adding-role-meta-permissions, not sure i understand the purpose of the built_in role. also don't understand how come the admin still has the delete permission (while project and built_in_role are referencing the same project, so it's actually an exclusion of the same relations)

vroldanbet

05/17/2023, 11:11 AM
This blog post illustrates a system that allows users to define roles. But sometimes you may want to have a role that comes built-in by default with the system and that you want to be immutable. That's the built-in role - note how it is not possible to modify it, as defined by the schema. It also solves the chicken-and-egg problem of assigning some permissions to the first user of the system (e.g. the admin user)

vladi

05/17/2023, 11:24 AM
yes i understand the intention. i'm just confused with the implementation - i don't understand why this line exists: permission delete = project->role_manager - built_in_role->role_manager and why admin is still eligible for permission delete

vroldanbet

05/17/2023, 11:58 AM
> i don't understand why this line exists: permission delete = project->role_manager - built_in_role->role_manager

The idea is to disable the deletion of certain roles considered "built-in"
this blogpost predates the wildcard operator, which can also be used to act as a killswitch
how did you conclude `admin` role has `delete` permission over a role? because of the image on the blogpost?