Skip to content

Latest commit

 

History

History
189 lines (154 loc) · 5.79 KB

configure-model.mdx

File metadata and controls

189 lines (154 loc) · 5.79 KB
title description slug
Configure Authorization Model
Configuring authorization model for a store
/getting-started/configure-model

import { AuthzModelSnippetViewer, DocumentationNotice, languageLabelMap, ProductConcept, ProductName, ProductNameFormat, RelatedSection, SdkSetupPrerequisite, SupportedLanguage, WriteAuthzModelViewer, } from '@components/Docs'; import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';

Configure Authorization Model for a Store

This article explains how to configure an for a in an OpenFGA server.

Before You Start

  2. You have installed the SDK, created the store and setup the SDK client.
  3. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.
  2. You have installed the SDK, created the store and setup the SDK client.
  3. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.
  2. You have installed the SDK, created the store and setup the SDK client.
  3. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.
  2. You have installed the SDK, created the store and setup the SDK client.
  3. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.
  2. You have installed the SDK, created the store and setup the SDK client.
  3. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.
  2. You have installed the CLI, created the store and setup your environment variables.
  3. You have loaded FGA_STORE_ID and FGA_SERVER_URL as environment variables.
  2. You have created the store and have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.

Step By Step

Assume that you want to configure your store with the following model.

<AuthzModelSnippetViewer configuration={{ schema_version: '1.1', type_definitions: [ { type: 'user', }, { type: 'document', relations: { reader: { this: {}, }, writer: { this: {}, }, owner: { this: {}, }, }, metadata: { relations: { reader: { directly_related_user_types: [{ type: 'user' }] }, writer: { directly_related_user_types: [{ type: 'user' }] }, owner: { directly_related_user_types: [{ type: 'user' }] }, }, }, }, ], }} />

To configure authorization model, we can invoke the write authorization models API.

<WriteAuthzModelViewer authorizationModel={{ schema_version: '1.1', type_definitions: [ { type: 'user', }, { type: 'document', relations: { reader: { this: {}, }, writer: { this: {}, }, owner: { this: {}, }, }, metadata: { relations: { reader: { directly_related_user_types: [{ type: 'user' }] }, writer: { directly_related_user_types: [{ type: 'user' }] }, owner: { directly_related_user_types: [{ type: 'user' }] }, }, }, }, ], }} allowedLanguages={[ SupportedLanguage.JS_SDK, SupportedLanguage.GO_SDK, SupportedLanguage.DOTNET_SDK, SupportedLanguage.PYTHON_SDK, SupportedLanguage.JAVA_SDK, SupportedLanguage.CLI, SupportedLanguage.CURL, ]} />

The API will then return the authorization model ID.

:::info Note The OpenFGA API only accepts an authorization model in the API's JSON syntax.

To convert between the API Syntax and the friendly DSL, you can use the FGA CLI. :::

Related Sections

<RelatedSection description="Take a look at the following sections for more information on how to configure authorization model in your store." relatedLinks={[ { title: 'Getting Started with Modeling', description: 'Read how to get started with modeling.', link: '../modeling/getting-started', }, { title: 'Modeling: Direct Relationships', description: 'Read the basics of modeling authorization and granting access to users.', link: '../modeling/direct-access', }, ]} />