Skip to main content

Update Relationship Tuples

note
OpenFGA is an open source Fine-Grained Authorization solution based on Google's Zanzibar. We welcome community contribution to this project.

This section will illustrate how to update relationship tuples.

Before You Start

  1. Deploy an instance of the OpenFGA server, and have ready the values for your setup: FGA_STORE_ID, FGA_API_HOST and, if needed, FGA_API_TOKEN.
  2. You have installed the SDK.
  3. You have configured the authorization model.
  4. You have loaded FGA_STORE_ID and FGA_API_HOST as environment variables.

Step By Step

Assume that you want to add user anne to have relationship reader with object document:Z

{
user: 'anne',
relation: 'reader',
object: 'document:Z',
}

01. Configure The OpenFGA API Client

Before calling the write API, you will need to configure the API client.

// import the SDK
const { OpenFgaApi } = require('@openfga/sdk');

// Initialize the SDK with no auth - see "How to setup SDK client" for more options
const fgaClient = new OpenFgaApi({
apiScheme: process.env.FGA_API_SCHEME, // Either "http" or "https", defaults to "https"
apiHost: process.env.FGA_API_HOST, // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
storeId: process.env.FGA_STORE_ID, // Either "http" or "https", defaults to "https"
});

02. Calling Write API To Add New Relationship Tuples

To add the relationship tuples, we can invoke the write API.


await fgaClient.write({
writes: {
tuple_keys: [
{ user: 'anne', relation: 'reader', object: 'document:Z'}
]
}
});

03. Calling Write API To Delete Relationship Tuples

To delete relationship tuples, we can invoke the write API.

Assume that you want to delete user anne's reader relationship with object document:Z

{
user: 'anne',
relation: 'reader',
object: 'document:Z',
}

await fgaClient.write({
deletes: {
tuple_keys : [
{ user: 'anne', relation: 'reader', object: 'document:Z'}
]
}
});
Managing User Access

Learn about how to give a user access to a particular object.

Managing Group Access

Learn about how to give a group of users access to a particular object.

Transactional Writes

Learn about how to update multiple relations within the same API call.