OpenFGA
Replies: 1 comment
-
|
Hi @ghstahl Thanks for the suggestion. We are considering together with other changes to the OpenFGA DSL |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I as going through the organization-context-authorization tutorial and was specifically focusing on the
define user_in_context as self.snippet from tutorial:
Contextual Tuples are tuples that do not exist in the system state and are not written beforehand to OpenFGA.
They are tuples that are sent alongside the Check request and will be treated as if they already exist in the state for the context of that particular Check call.
So if that is the case (
tuples that do not exist in the system state), then it would be nice if OpenFGA would allow me to annotate that relation and deny anyone from trying to make a tuple out of it.i.e.
User: anne
RELATIONSHIP: user_in_context
OBJECT: org:A
Would fail if I could annotate it with something like
define user_in_context as self as @conextual_tupleThis is to protect my system from some rogue tuple getting written. It would be nice to have that gating be part of the model.
Beta Was this translation helpful? Give feedback.
All reactions