POST /v1/tenants/{tenant_id}/permissions/lookup-subjectLookup Subject answers questions of the form: “Which users can edit document:1?” The response is a paginated array of subject IDs that satisfy the requested permission on the given entity.
Path Parameters The tenant identifier. Use t1 for single-tenant deployments. Must match ^([a-zA-Z0-9_\-@\.:+]{1,128}|\*)$.
Request Body Schema version to evaluate against. Leave empty for the latest.
Snap token to read from a consistent snapshot.
Maximum recursion depth. Must be >= 3.
The entity on which subjects’ permissions are evaluated. Entity type as defined in the schema.
Entity instance identifier.
The permission or relation to evaluate. Must match ^[a-zA-Z_]{1,64}$.
Specifies the type of subject to look up. The subject entity type to return (e.g. user).
Optional relation on the subject type.
Contextual data for this request. Temporary relationship tuples.
Temporary attribute values.
Arbitrary key-value pairs for rule expressions.
Number of subject IDs to return per page. Must be >= 1.
Pagination token from the previous response. Omit for the first page.
Response List of subject IDs that have the requested permission on the entity.
Pagination token for the next page. Empty when there are no more results.
Example curl --location --request POST 'localhost:3476/v1/tenants/{tenant_id}/permissions/lookup-subject' \ --header 'Content-Type: application/json' \ --data-raw '{ "metadata": { "snap_token": "", "schema_version": "", "depth": 20 }, "entity": { "type": "document", "id": "1" }, "permission": "edit", "subject_reference": { "type": "user", "relation": "" }, "page_size": 20, "continuous_token": "" }'
Request body { "metadata" : { "snap_token" : "" , "schema_version" : "" , "depth" : 20 }, "entity" : { "type" : "document" , "id" : "1" }, "permission" : "edit" , "subject_reference" : { "type" : "user" , "relation" : "" }, "page_size" : 20 , "continuous_token" : "" }
Response { "subject_ids" : [ "1" , "42" , "99" ], "continuous_token" : "" }
Error Codes HTTP Status Description 400Bad request — invalid fields 401Unauthorized 404Tenant not found 429Rate limit exceeded 500Internal server error
