Within relationship based access control policies, it's often interesting to get all the objects a user can access (which is already supported via permit.getUserPermissions()).
We now added the reverse functionality as well via a new SDK method:
permit.getAuthorizedUsers()
.
With this new method, it's possible get all users who have access to a resource.
Example (python):
from permit import Permit, AuthorizedUsersResult
permit = Permit(...)
authorized_users: AuthorizedUsersResult = permit.authorized_users(
"read", "repo",
)
The schema of the response in the code above is as follows:
{
"resource": "repo:*",
"tenant": "default",
"users": {
"user1": [
{
"user": "user1",
"tenant": "default",
"resource": "__tenant:default",
"role": "admin"
}
]
}
}