Hello, When I use LookupSubjects to find all the roles and users who have access to the feature, it ends up giving me false positives (I think). I read that LookupSubjects walks the whole tree, but would it really return the users of the roles that have access to the feature? And if so, what should I use instead? This is how I'm using lookupSubjects, where I look for the subjectType of either role#member or user, to get all the roles or all the users.

const rolesWithAccess = await lookupSubjects(companyId, {
        permission: "allow_access",
        resource: {
          type: "feature",
          id: feature,
        },
        subjectObjectType: "role",
        optionalSubjectRelation: "member",
      });
      const userIdsWithAccess = await lookupSubjects(companyId, {
        permission: "allow_access",
        resource: {
          type: "feature",
          id: feature,
        },
        subjectObjectType: "user",
      });

Schema:

/** give access to a specific user or role group */
    relation allow_access: role#member | user

It first of all returns a list with the same role elements, which I guess is because multiple users have that role (This is not a big issue but perhaps is an indicator that I'm doing something wrong?). Secondly, even though I have not populated allow_access with any users it returns the users that have the roles which have access to the feature. I ultimately just wanted to figure out why the user has access, either by it's role or if the specific user has been granted access. Thanks in advance 🙂

LS is recursive

Thanks that explains it then. Any suggestions as to what I can do instead, to know why the user has access, either from role or granted directly?

readrelationships on the relation

Alright, thanks a lot 🙂

anytime