Symptom
When adding a constraint on a role name such as 'starts with' in authorization graph, Veza returns results that do not match the constraint if a relationship is defined.
Applies To
- Authorization Graph
- Constraints
Cause
This behavior is by design, as Veza will return any intermediary roles associated with roles that do match the constraint if the relationship being drawn requires it.
Resolution
If you want to show only the Roles that truly match the constraint defined, you can clear the Select a relationship to show: picker and re-populate your constraint. In this case, because there is no relationship to draw, Veza will only return the results that match the constraint criteria specifically.
Alternatively, you can choose the "Assuming Roles" display filter and hover over one of the additional roles being shown, this will display which roles that role can assume and which it may be assumed by.
Comments
0 comments
Article is closed for comments.