Expand API
Retrieve all subjects (users and user sets) that have a relationship or attribute with given entity and permission
Expand API response is represented by a user set tree, whose leaf nodes are user IDs or user sets pointing to other ⟨object#relation⟩ pairs.
Expand is designed for reasoning the complete set of users that have access to their objects, which allows our users to build efficient search indices for access-controlled content.
It is not designed to use as a check access. Expand request has a high latency which can cause a performance issues when its used as access check.
Path Parameters
Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.
Body
PermissionExpandRequest is the request message for the Expand method in the Permission service.
PermissionExpandRequestMetadata metadata for the PermissionExpandRequest.
Entity represents an entity with a type and an identifier.
Name of the permission to be expanded, not required, must start with a letter and can include alphanumeric and underscore, max 64 bytes.
Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.
Additional arguments associated with this request.
Response
PermissionExpandResponse is the response message for the Expand method in the Permission service.
Expand is used to define a hierarchical structure for permissions. It has an entity, permission, and arguments. The node can be either another hierarchical structure or a set of subjects.