Skip to main content
POST
/
v1
/
tenants
/
{tenant_id}
/
permissions
/
expand
go
cr, err := client.Permission.Expand(context.Background(), &v1.PermissionExpandRequest{
    TenantId: "t1",
    Metadata: &v1.PermissionExpandRequestMetadata{
        SnapToken: "",
        SchemaVersion: "",
    },
    Entity: &v1.Entity{
        Type: "repository",
        Id: "1",
    },
    Permission: "push",
})
{
  "tree": {}
}
Retrieve all subjects (users and user sets) that have a relationship or attribute with given entity and permission Expand API response is represented by a user set tree, whose leaf nodes are user IDs or user sets pointing to other ⟨object#relation⟩ pairs.
Expand is designed for reasoning the complete set of users that have access to their objects, which allows our users to build efficient search indices for access-controlled content.It is not designed to use as a check access. Expand request has a high latency which can cause a performance issues when its used as access check.

Path Parameters

tenant_id
string
required

Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.

Body

application/json

PermissionExpandRequest is the request message for the Expand method in the Permission service.

metadata
object

PermissionExpandRequestMetadata metadata for the PermissionExpandRequest.

entity
object

Entity represents an entity with a type and an identifier.

permission
string

Name of the permission to be expanded, not required, must start with a letter and can include alphanumeric and underscore, max 64 bytes.

context
object

Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.

arguments
object[]

Additional arguments associated with this request.

Response

A successful response.

PermissionExpandResponse is the response message for the Expand method in the Permission service.

tree
object

Expand is used to define a hierarchical structure for permissions. It has an entity, permission, and arguments. The node can be either another hierarchical structure or a set of subjects.