You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: openfga/v1/openfga_service.proto
+3-8Lines changed: 3 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -765,8 +765,9 @@ service OpenFGAService {
765
765
"You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly.\n"
766
766
"The response will contain the related users in an array in the \"users\" field of the response. These results may include specific objects, usersets \n"
767
767
"or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string."
768
-
"In certain cases of negation via the `but not` operator, some results are marked as excluded from the main set of results. These exclusions \n"
769
-
"are returned in the `excluded_users` property and should be handled appropriately at the point of implementation."
768
+
"In cases where a type-bound public acces result is returned (e.g. `user:*`), it cannot be inferred that all subjects\n"
769
+
"of that type have a relation to the object; it is possible that negations exist and checks should still be queried\n"
770
+
"on individual subjects to ensure access to that document."
770
771
"The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE "
771
772
"and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first.\n"
772
773
"The returned users will not be sorted, and therefore two identical calls may yield different sets of users."
0 commit comments