https://linen.dev logo
Join Slack
Powered by
# permit-saas
  • s
    This message was deleted.
    a
    p
    • 3
    • 4
  • m
    Hi! I am creating the webhook in permit.io, I need a help with that. Can anyone please help me with that
    a
    • 2
    • 3
  • m
    My flow is like. We have frontend, bff and microservice of auth service which has integrated permit.io. We have roles and permissions in permit.io. Now we will integrate the SSE for the events. Whenever we remove any permission from the permit.io the event need to be triggered and from that it need to go the frontend and it need to be reflected on that. For that I have to integrate the webhook because permit.io doesn't have a built in functionalities to create SSE instead of that in permit.io have a support to create webhook. But I don't know how to create and configure webhook for this use case. Eventough I am a workspace owner, I didn't see any options to configure webhook. Please help me with this.
    a
    p
    +2
    • 5
    • 36
  • m
    @Ask Inkeep Is it possible to create a copy of a tenant? I want to duplicate a directory from one tenant to another,
    a
    a
    • 3
    • 7
  • p
    I have a react based frontend how can use permit to add restriction on buttons as well and modify my UI do we have any sdk
    a
    a
    • 3
    • 4
  • p
    can i create roles only for a specific tenant
    a
    o
    • 3
    • 8
  • r
    Hi, I'm getting a 
    428 Precondition Required
     error when calling permit.api.users.getAssignedRoles(). I could not find any mention of this error in Permit's docs, can I get some clarification about what this error means? Thanks!
    a
    t
    p
    • 4
    • 16
  • a
    Howdy! Having trouble setting up the PDP service on docker. INFO Fetching PDP config from control plane… ERROR Expecting value: line 1 column 1 (char 0) CRITICAL Sidecar failed to start … 'NoneType' object has no attribute 'context' This happens on each restart. Even with the correct "dev" PDP environment key, and rotating it a few times, curling https://api.permit.io/v1/pdps/me/config returns a 403 Forbidden. Could you verify the key’s scope or let us know if there’s an updated endpoint we should be hitting? Thanks!
    a
    p
    • 3
    • 5
  • a
    is there a way to just create resources at the project level, rather than needing to recreate at the environment level each time?
    a
    p
    o
    • 4
    • 8
  • a
    corepack pnpm permit:bootstrap -- --env dev
    minduo@0.1.0 permit:bootstrap /Users/alechandal/Repos/minduo
    tsx scripts/permit/bootstrap-resources.ts -- --env dev
    {"level":50,"time":"2025-11-03T172247.414Z","label":"permit-bootstrap","msg":"Got error status code: 500, err:{\"id\":\"30f50c095157412cb3370c9bb5656428\",\"title\":\"The request could not be completed\",\"error_code\":\"UNEXPECTED_ERROR\",\"message\":\"You did nothing wrong, but we could not finish your request due to a technical issue on our end. Please try again.\\nIf the issue keeps happening, contact our support.\"}"} Failed to bootstrap Permit resources PermitApiError: You did nothing wrong, but we could not finish your request due to a technical issue on our end. Please try again. If the issue keeps happening, contact our support for further guidance. at ResourcesApi2.handleApiError (...) at ResourcesApi2.replace (...) at async main (.../scripts/permit/bootstrap-resources.ts2525) { originalError: AxiosError: Request failed with status code 500 at settle (...) at IncomingMessage.handleStreamEnd (...) at process.processTicksAndRejections (...) at Axios.request (...) at async ResourcesApi2.replace (...) at async main (.../scripts/permit/bootstrap-resources.ts2525) { code: 'ERR_BAD_RESPONSE', config: { baseURL: 'http://localhost:7766/', method: 'put', data: '{"name":"Organization","actions":{"create":{},"invite":{},"deprovision":{}},"attributes":{"orgId":{"type":"string","description":"Primary key from Minduo database"}}}', url: 'https://api.permit.io/v2/schema/<project-id>/<env-id>/resources/organization', headers: { Accept: 'application/json, text/plain, */*', 'Content-Type': 'application/json', 'X-Permit-SDK-Version': 'node:0.1.0', Authorization: 'Bearer <REDACTED>', 'User-Agent': 'axios/1.13.1', 'Content-Length': 166, 'Accept-Encoding': 'gzip, compress, deflate, br', Host: 'api.permit.io', Connection: 'keep-alive' }, // remaining axios metadata omitted for brevity }, response: { status: 500, statusText: 'Internal Server Error', headers: { /* redacted */ }, data: { /* redacted */ } }, status: 500 } }
    a
    a
    t
    • 4
    • 9
  • e
    Hi, I'm wondering if the List Role Assignments local query changed recently: https://pdp-api.permit.io/redoc#tag/Local-Queries/operation/list_role_assignments_local_role_assignments_get Previously this would return a complete list of a user's permissions, but now the list is missing entries.
    a
    p
    +2
    • 5
    • 24
  • a
    Am I able to set policies by role / resource using OpenAPI / yaml and then syncing via the CLI / SDK? Or do I need to use the UI?
    a
    o
    • 3
    • 9
  • s
    Hey team — I recently started using Permit.io in our project as a web API access controller and have some feedback on the URL-mapping feature: 1. Localhost URLs aren’t accepted Addresses like 
    <http://localhost:8787>
    aren’t allowed as URL inputs, which makes local testing difficult. 2. One (URL, method) → only one (resource, action) Each (url - method) can be mapped to only a single (resource-action). Some endpoints return information across multiple resources, so we need to map to multiple resource/action pairs. 3. Multi-tenancy support The provided example flow doesn’t seem to support a multi-tenant setup (no clear way to include tenantId).
    Copy code
    fetch('<https://proxy.api.permit.io/proxy/xxxxxxxxxxxxxxxxxxxxxxxx?url=><PROXIED_URL>', {
  method: '<HTTP_METHOD>',
  headers: {
    'Authorization': 'Bearer <USER_JWT>'
  }
});
    If I’m missing a configuration or workaround for any of the above, I’d appreciate pointers. Thanks!
    a
    a
    +2
    • 5
    • 15
  • m
    Is permit.io callback can support GRPC?
    a
    o
    • 3
    • 4
  • s
    hi. how do i delete a workspace? my github is associated with the wrong email for login. thanks
    a
    p
    o
    • 4
    • 5
  • s
    Hey team - I’m running into an issue while testing ownership access control with ABAC, using the pattern described in the link below: https://docs.permit.io/how-to/build-policies/abac/patterns#ownership-via-list-on-resource
    Copy code
    {
  "__data_use_debugger": true,
  "__input_use_debugger": true,
  "allow": false,
  "allowing_sources": [],
  "debug": {
    "abac": {
      "allow": false,
      "code": "no_matching_rules",
      "matching_resourcesets": [
        "Draft_Blog",
        "User",
        "__autogen_Blog"
      ],
      "matching_usersets": [
        "Draft_Blog",
        "User",
        "__autogen_Blog"
      ],
      "reason": "user 'seiichi1101_user' does not match any rule that grants him the 'read' permission on the given resource of type 'Blog'",
      "support_link": "<https://docs.permit.io/errors/no_matching_rules>"
    },
    "rbac": {
      "allow": false,
      "code": "user_not_synced",
      "reason": "user 'seiichi1101_user' is not synced and therefore has no known role assignments",
      "support_link": "<https://docs.permit.io/errors/user_not_synced>"
    },
    "request": {
      "action": "read",
      "resource": {
        "attributes": {
          "is_paid": false,
          "is_published": false,
          "owner": "seiichi1101_user",
          "type": "Blog"
        },
        "type": "Blog"
      },
      "tenant": "default",
      "user": {
        "attributes": {
          "is_staff": false,
          "roles": [],
          "subscription_plan": "free",
          "tenants": []
        },
        "key": "seiichi1101_user",
        "synced": false
      }
    }
  },
  "debugger_activated": true
}
    As you can see in the log and screenshot, access is denied even though I’ve set up the User Sets, Resource Sets, and policy assignments in the Policy Editor. It says 
    "user 'seiichi1101_user' does not match any rule that grants him the 'read' permission on the given resource of type 'Blog'",
    . My expectation is that the user with 
    key: "seiichi1101_user"
    should be allowed to access the resource set MyBlog, because its resource condition is configured as 
    "resource.owner" - "equals" - "user.key"
    and the policy is assigned accordingly. Is there anything I’m missing here?
    a
    a
    t
    • 4
    • 17
  • e
    found a potential "bug" / typo in node sdk. I'm working with bulk unassign, def:
    Copy code
    export interface RoleAssignmentRemove {
    /**
     * the role that will be unassigned (accepts either the role id or the role key)
     * @type {string}
     * @memberof RoleAssignmentRemove
     */
    role: string;
    /**
     * the tenant the role is associated with (accepts either the tenant id or the tenant key)
     * @type {string}
     * @memberof RoleAssignmentRemove
     */
    tenant?: string;
    /**
     * the resource instance the role is associated with (accepts either the resource instance id or key using this format resource_type:resource_instance)
     * @type {string}
     * @memberof RoleAssignmentRemove
     */
    resource_instance?: string;
    /**
     * the user the role will be unassigned from (accepts either the user id or the user key)
     * @type {string}
     * @memberof RoleAssignmentRemove
     */
    user: string;
}
    but when I make the actual api call, its stating that 
    tenant
    is NOT optional
    a
    a
    • 3
    • 4
  • e
    also question regarding 'default' tenants. shouldn't leaving out tenant (for other api endpoints for examples) default to 
    default
    tenant? i'm noticing that in some of my other apis, when I withold tenant,it doesn't append anything to the 'default' tenant only my other one created. Do I always have to enforce 
    default
    tenant at all times if I only want one?
    a
    o
    • 3
    • 19
  • n
    Hello, where can I find the link to billing for app.permit.io ?
    a
    p
    • 3
    • 5
  • c
    Hi, I'm having an issue accessing the API docs since yesterday, have they moved? https://api.permit.io/v2/redoc Thanks
    a
    o
    a
    • 4
    • 7
  • s
    This message was deleted.
    a
    • 2
    • 3
  • s
    I have an attribute "ViewUsersOnly" (string array) in my resource and an attribute "company" (string) in users. I have a resource set that I created for my ABAC policy with a condition [resource.ViewUsersOnly] [array contains (ref)] [user.key] and it yields the resource when ViewUsersOnly contains the key of the user. But this resource set yields even after I changed the resource set to [resource.ViewUsersOnly] [array contains (ref)] [user.company]. Am I missing something?
    a
    p
    +3
    • 6
    • 14
  • y
    I am experiencing slowness when calling endpoint https://api.permit.io/v2/facts/9aa8bcdc454049cd8c1459f6d1215b4f/f5b553a6ef6847779addd901fc44327b/relationship_tuples/bulk for bulk relationship tuple creation. projectId 9aa8bcdc454049cd8c1459f6d1215b4f and environmentId f5b553a6ef6847779addd901fc44327b. even with single operation it takes about 24 seconds. calling single without batch only takes milli seconds. could you please help me with thi.
    a
    a
    • 3
    • 12
  • t
    Hi , I’m experiencing an issue related to url_mapping. I currently have 5 URL mapping configurations (Proxy Configs), and the issue occurs specifically when I create mappings using regex. The problem is that 
    url_type
    is not being saved correctly    . For example, this mapping is saved properly and appears with the regex badge on the frontend:
    Copy code
    {
  "url": "https?://api.abclojistik.com/test/api/erp/(?:tr|en)/reports/?.*$",
  "url_type": "regex",
  "http_method": "get",
  "resource": "erp_report",
  "headers": {},
  "action": "read",
  "priority": null
}
    However, this one gets saved with 
    "url_type": null
    even though it is also a regex, and the frontend still shows it with the regex badge:
    Copy code
    {
  "url": "https?://api.abclojistik.com/test/api/hub/(?:tr|en)/orders/?.*$",
  "url_type": null,
  "http_method": "patch",
  "resource": "hub_order",
  "headers": {},
  "action": "update",
  "priority": null
}
    When I fetch this configuration from the Permit.io API, it does not indicate that it’s a regex. I’m not sure if this inconsistency is the root cause, but I’m also getting a PDP crash when calling the 
    allowed_url
    endpoint. I’ve attached the PDP crash logs to this message. it gives error about Horizon server. But this error occured after i added new url_mappings. I need to resolve this issue as soon as possible. Any help would be greatly appreciated.
    a
    a
    • 3
    • 16
  • s
    Hi, I have a requirement whereby the access granted, to a user, by a ReBAC resource role takes precedence over the access granted by an ABAC condition set. Can this be remedied by a custom policy and how?
    a
    a
    • 3
    • 8
  • y
    Hi, If we create an action or relation with _ (underscore) using api or sdk it works ok and we have used this a lot. the issue is now we can't change anything in permitui that has underscore as it seems there is an enforcement in UI that doesn't allow underscore in names. any advice?
    a
    a
    • 3
    • 5
  • c
    Hi! The permit pdp docker container log is fill with the following warning
    Copy code
    horizon.opal_relay_api                  |WARNING | Could not report uptime status to server: got status code 503 from relay-api. This does not affect the PDP's 
operational state or data updates.\n", "record": {"elapsed": {"repr": "0:03:43.577686", "seconds": 223.577686}, "exception": null, "extra": {}, "file": {"name": 
"opal_relay_api.py", "path": "/app/horizon/opal_relay_api.py"}, "function": "_run", "level": {"icon": "⚠️", "name": "WARNING", "no": 30}, "line": 183, "message": 
"Could not report uptime status to server: got status code 503 from relay-api. This does not affect the PDP's operational state or data updates.", "module": 
"opal_relay_api", "name": "horizon.opal_relay_api", "process": {"id": 17, "name": "MainProcess"}, "thread": {"id": 281472985017632, "name": "MainThread"}, "time": 
{"repr": "2025-11-18 06:59:00.254824+00:00", "timestamp": 1763449140.254824}}}
    Is there any setting I did not set, like the uptime server url?
    a
    o
    o
    • 4
    • 13
  • s
    This message was deleted.
    a
    • 2
    • 3
  • s
    We keep getting issues where Permit can't access our PDP. It keeps returning 500s until we restart it, when it starts working again for a couple minutes and then stops. It doesn't fully stop it's just on users that are newly added.
    a
    p
    o
    • 4
    • 13
  • m
    Hi all! New here and just started tinkering with Permit in the past couple weeks, and it's really been helpful at helping me sort out access control. I have a location resource and the resource roles of location-staff, and basically, I want a robust way to detect if a user has the role of location-staff at all (doesn't matter which resource instance they have that role in, simply whether they have it at all) and I want to reference that to define a custom ABAC role. I'm trying to do this because there are tenant-level permissions I want to give to people that are location-staff but want to avoid having to assign/unassign them top level roles programmatically (or user attributes) every time we either give them the role for the first time or remove the location-staff resource instance role entirely. Is this possible? Or am I approaching this the wrong way? I've tried searching through the docs/asking the Permit AI about this specific issue (resource instance roles as attributes) to no avail; every answer I get seems to be only about top level roles (user.roles in the ABAC configuration seems to only be about top level roles?). Thank you for the work that you do!
    a
    o
    • 3
    • 7