Assigned Roles & Relations
Assigned resource relations and roles provide the data for the system to evaluate rules to grant or deny access. This is where you assign instances of your resources to resources types and relationships to instances of your objects. You can manage object relation assignments through the tuple API.
A few examples of assigned roles and relations:
user:{user_id} is an admin
user:{user_id} is an owner of document:{document_id}
folder:{folder_id} is a parent of document:{document_id}
Assign Roles or Relations
Complete the following to assign roles/relationships:
- In the Pangea Console, navigate to AuthZ >> Assigned Roles & Relations.
- Click + Assign. If you are assigning your first connection, the screen already displays the modal for creating the connection.
- Select a subject from the drop-down menu. This is generally the resource type that will be receiving permissions to perform actions on the second resource type. The subject is the object that is being given access, and the resource is the object that the subject is being granted access to.
- Type a subject ID in the Resource Id field. This should be a unique string representing the relevant object within your system.
- Select a relation from the drop-down menu.
- Type an ID for the resource in the Resource Id field. This is a string and can be created using numbers or letters. If the relation selected is linked to a resource type, then type the ID of the relevant resource. This step is optional.
- Click Save.
Delete relationships
Complete the following to delete assigned relationships:
- In the Pangea Console, navigate to AuthZ >> Assigned Roles & Relations.
- Click the (-) button beside the assigned relationship to delete.
- Click Delete to confirm.
Was this article helpful?