How does this translate to policy decision? Is it (RBAC || ReBAC || ABAC) && customRego? Or is it (RBAC && ReBAC && ABAC && customRego)?

allow {
    policies.allow
	custom.allow
}

@Ask Inkeep

Hi, my org signed up for a pro tier subscription but we can't sign into the workspace / account because we are using our orgs domain which is not compatible with Google, GitHub or Microsoft sign in options... is there a way to sign in with username/password?

👋 I went live with permit in production on Thursday of last week and I've seen irregular but consistent 500 and 502 level errors logged by the PDP. I'm using the GCP cloud run deployment method. I noticed today that the PDP is actually logging a substantial amount of errors but for whatever reason they are not being captured by GCP logs explorer as errors. Org: FabuBlox, Project: Default, environment: production Here's an example of a log line that the pdp is writing to stderr but isn't captured as an Error using the documented cloud run deployment pattern.

{
  "textPayload": "[2025-07-15T07:33:22Z ERROR pdp_server::api::authz::allowed] Failed to send request to OPA: Failed to send request to OPA: error sending request",
  "insertId": "[REDACTED_INSERT_ID]",
  "resource": {
    "type": "cloud_run_revision",
    "labels": {
      "location": [REDACTED_LOCATION],
      "configuration_name": "pdp-production",
      "service_name": "pdp-production",
      "project_id": "[REDACTED_PROJECT]",
      "revision_name": "[REDACTED_REVISION]"
    }
  },
  "timestamp": "2025-07-15T07:33:22.601969Z",
  "labels": {
    "instanceId": "[REDACTED_INSTANCE_ID]"
  },
  "logName": "projects/[REDACTED_PROJECT]/logs/run.googleapis.com%2Fstderr",
  "receiveTimestamp": "2025-07-15T07:33:22.607515466Z"
}

Additionally, in the monitoring page on https://app.permit.io/monitoring I see a lot of red indicators that seem to mean the pdp is struggling to connect with the external permit api but I can't get any additional information from the page.

Hey all, a question about ABAC + performance. It seemed to significantly improve in the past few months, and I need to validate if it's safe for me to use this in production (it was not before). More details in the thread.

Hi Everyone, Quick question, is it possible to export Permit logs using OTEL? I am specifically interested in knowiing about MCP Permit and Agent.security products in addition to the platform in general.

It's clear that Permit.io can indeed provide easily the list of accessible resources for a user. My question is about the integration with Supabase, specifically regarding scalability and usability of these results. How can we effectively pass the list of accessible entities (e.g., car IDs) from Permit.io to Supabase, especially when dealing with millions of records? We'd need to: 1. Apply additional filters (e.g.,

WHERE color = 'red'

) on top of the accessible entities. 2. Make these results paginable (e.g.,

LIMIT X OFFSET Y

). What's the recommended scalable approach for this "data filtering" in Supabase, given Permit.io provides the authorized list?

@William Afonso has left the channel

FW Message from #C02TVG7RY1X Hi all, We are currently struggling to deploy the permit pdp in our local kubernetes. I know its open source, and not sure if troubleshooting should go through this slack, however, the helm isn’t doing a great job of setting everything up it seems and I am having a variety of issues from inability to connect to various ports and SSL to name a few. Please let me know what best steps I should take to troubleshoot and remedy if there are any. @Or Weis mentioned that the helm chart provided is just a suggestion - does this imply I should be recreating the whole thing rather than just using what is provided? Thank!

Hello. Getting the following errors trying to update resources. Condition sets, resource attributes, resource sets. All having this issue or just hanging.

{
  "id": "c1944e23b30242e793cc482390cb620d",
  "title": "The request could not be completed",
  "error_code": "UNEXPECTED_ERROR",
  "message": "You did nothing wrong, but we could not finish your request due to a technical issue on our end. Please try again.\nIf the issue keeps happening, contact our support on Slack for further guidance."
}

Hello, I have a question about user provisioning. We have internal users that are Authenticated by Entra ID profiles and we have been able to sync the users from Entra ID using this guide https://docs.permit.io/integrations/SCIM/EntraID the question I have then, is how can I sync across user properties other than their email / name, such as attributes like department with SCIM? also when is syncing with SCIM actually preferable, because with the SDK, you can syncUser with the attributes from the auth provider easily? Thanks!

Everything is working for a while but this seems to keep happening periodically?

I am using reverse search using authorized users api https://docs.permit.io/how-to/enforce-permissions/authorized-users/ . My permit pdp version is also latest (0.9) and It is mentioned in the doc that this api is still in eap. My organisation has a pro account and I always get an empty user set whenever I try to get authorized users.. Also I am using resource sets for my use case assigned permission to normal rbac roles

Hi, I am evaluating Permit for my client. I have one issue I can not figure out. I try to get UserPermissions from local PDP

Context context = new Context();
context.put("enable_abac_user_permissions", Boolean.TRUE);
UserPermissions userPermissions = permit.getUserPermissions(new GetUserPermissionsQuery(User.fromString("123"), null,null, null, context));

I only get roles, but no resources or permissions. I have ABAC permission configured with resource and user attributes. Any clue what am I doing wrong ?

We just hit an issue where out of nowhere our PDP stopped returning all the permissions. We had to restart the PDP which got us back into a good place. Seems like the cache got totally messed up. We are using permitio/pdp-v2:0.8.1. Any ideas what could have caused this? Never have had issues with this before.

Hi. My name is Graham. I am the sole technical person in a partnership. We train business women. Our customer base is small. We want to provide management procedures online and a client training platform. Expecting under 100 users. My expertise is python and have built a simple FastApi application (to be built out later). I use Auth0 and Permit.io. I would like help with the authorisation flow once Auth0 has returned a token. Thank you

@Ask Inkeep please describe policy migration from development to staging and finally production

Hi I'm evaluating Permit.io endpoints. Is there an endpoint in permit.io that will answer the question: What action does User X have on Resource instance Z?

I want to integrate permit for RBAC , we have system where our tenants can create multiple enviroment how can i manage this.?

how to create a user under a tenant using go sdk example i have a tenant created with abc key and from go sdk i am creating a user i am sending the tenant_id using the create method the user is getting created but its not assosiated to the tenant i am not able to see that user under that tenant on the UI i have to go on the UI and set the tenant

I have a resource and admin role created for a user under a tenant , what it is the go syntax to check for the permission

I have a question about the price list. If I have 4 environments and each of them has 150 users (the same ones), should I choose MAU 150 or 600?

I have set up the auth for my backend to protect the routes but i also want to manage these permissions on the UI i mean if the user has a role which dont have access to create a resource i will remove the button for him i think i will need to send an API to frontend which will give all the details of the user , like list of all the permissions per resource the user has how to do this in fastest way which function shall i use

docker run -it \ -p 7766:7000 \ --env _PDP_ORG_API_KEY_=<YOUR_ORG_API_KEY> \ --env _PDP_ACTIVE_PROJECT_=<YOUR_PROJECT_ID_OR_KEY> \ --env _PDP_ACTIVE_ENV_=<YOUR_ENVIRONMENT_ID_OR_KEY> \ --env _PDP_DEBUG_=True \ permitio/pdp-v2:latest can anyone help me to set up these keys , i tried to set these up, its showing incorrect

how do i use this function in go sdk to get all the permissions of the user.? (Get User Permission)

Hi, does the rust PDP support ipv6? I'm trying to deploy it on fly.io which only supports ipv6 for internal applications

Hello team, having some challenges with go sdk check function for resource/instance roles. I thought if I put the resource as 'resource_name:instance_name' in the resource value it would work but the Audit shows no resource found. How do I configure roles/user for instance roles and pass the appropriate information in the Check function?

Now in the right channel og: Hi, is it possible to use the Frontend Components without exposing any user data outside our own VPC ? Clarification: I'm talking about e.g. this: https://docs.permit.io/embeddable-uis/element/user-management How would the element know how the user is called if I only provide a user ID ?

@Ask Inkeep how to deal with unverified email during authentication

Hey Permit.io team — we experienced a temporary outage today where users lost access. Timeline: • Around 17:06 UTC — PDP service started returning 502 errors. • Logs showed Service 'python3' health check failed with Connection reset by peer errors. • Restarting the PDP pod restored service immediately. Request: Could you help us understand what could have caused the PDP to fail health checks and return 502 errors, and whether there’s anything we should adjust on our side to prevent this in future?

Hi there, Im transferring my question from #C02TVG7RY1X ------------ Hi guys, I am experiencing a problem now: We have a backend call to

permit.getUserPermissions(id)

through the sdk, and it will return a full list of permission to the front end to render the items. Previously when we changed the roles of a user, the changes in the permission returned from that call also happens near real-time/immediately, but starting yesterday the

getUserPermissions

only returns the correct permission after around 5 mins approximately (different every time) after we changed the roles. Do you know why ? It looks like the rendering of the roles on permit.io side has some issue and propagation of the policy to our PDP is delayed