From 9aba05c99b8666038c9efc023e0bbba8af0977a0 Mon Sep 17 00:00:00 2001
From: Daisie Huang
Date: Wed, 1 May 2024 11:37:33 -0700
Subject: [PATCH] allow service_token to view user_key
---
 permissions_engine/authz.rego | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/permissions_engine/authz.rego b/permissions_engine/authz.rego
index e638064..0ae0dd7 100644
--- a/permissions_engine/authz.rego
+++ b/permissions_engine/authz.rego
@@ -16,6 +16,9 @@ rights = {
 "site_admin": {
 "path": ["v1", "data", "permissions", "site_admin"]
 },
+ "user_id": {
+ "path": ["v1", "data", "idp", "user_key"]
+ },
 "tokenControlledAccessREMS": {
 "path": ["v1", "data", "ga4ghPassport", "tokenControlledAccessREMS"]
 }
@@ -29,7 +32,7 @@ tokens = {
 "roles": ["admin"]
 },
 service_token : {
- "roles": ["datasets", "allowed", "site_admin", "tokenControlledAccessREMS"]
+ "roles": ["datasets", "allowed", "site_admin", "user_id", "tokenControlledAccessREMS"]
 }
 }
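Review bot: The right added to `rights` is named `user_id`, but its path ends in `user_key` and the commit subject also says user_key, so the role name listed in `tokens` does not match the document it unlocks. In an authorization policy that mismatch makes grants harder to audit. Either name the right `user_key`, or add a comment above it such as `# user_id: grants read access to /v1/data/idp/user_key`. The `rights` object starts and ends outside this hunk.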
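Review bot: Adding `user_id` to the `service_token` roles gives every holder of the service token read access to `idp/user_key`, next to `site_admin` and the other lookups, and nothing in the hunk narrows which service needs it. If only one service resolves user keys, a separate token entry carrying just that role would keep the grant closer to least privilege; at minimum a comment such as `# user_id: needed by <service> to look up the user key for a request token` would record why it was granted. It is worth confirming, since it is not visible here, that the `idp` policy only resolves the token supplied in the request input and that a policy test covers the new role. The `tokens` object starts outside the hunk.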