id,node_id,number,title,user,state,locked,assignee,milestone,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason
1838266862,I_kwDOBm6k_c5tkbnu,2126,Permissions in metadata.yml / metadata.json,36199671,closed,0,,,3,2023-08-06T16:24:10Z,2023-08-11T05:52:30Z,2023-08-11T05:52:29Z,NONE,,"https://docs.datasette.io/en/latest/authentication.html#other-permissions-in-metadata says the following:

> For all other permissions, you can use one or more ""permissions"" blocks in your metadata.

> To grant access to the permissions debug tool to all signed in users you can grant permissions-debug to any actor with an id matching the wildcard * by adding this a the root of your metadata:

```yaml
permissions:
  debug-menu:
    id: '*'
```

I tried this.

My `metadata.yml` file looks like:

```yaml
permissions:
  debug-menu:
    id: '*'
  permissions-debug:
    id: '*'
plugins:
  datasette-auth-passwords:
    myuser_password_hash:
      $env: ""PASSWORD_HASH_MYUSER""
```

And then I run

```zsh
datasette -m metadata.yml tiddlywiki.db --root
```

And I open a session for the ""root"" user of datasette with the link given.

I open a private browser session and log in as ""myuser"" from http://127.0.0.1:8001/-/login

Then I check http://127.0.0.1:8001/-/actor which confirms that I am logged in as the ""myuser"" actor

```json
{
    ""actor"": {
        ""id"": ""myuser""
    }
}
```

In the session where I am logged in as ""myuser"" I then try to go to http://127.0.0.1:8001/-/permissions

But all I get there as the logged in user ""myuser"" is

> Forbidden
>
> Permission denied

And then if I check the http://127.0.0.1:8001/-/permissions as the datasette ""root"" user from another browser session, I see:

> permissions-debug checked at 2023-08-06T16:22:58.997841 ✗ (used default)
>
> Actor: {""id"": ""myuser""}

It seems that in spite of having tried to give the `permissions-debug` permission to the ""myuser"" user in my `metadata.yml` file, datasette does not agree that ""myuser"" has permission `permissions-debug`..

What do I need to do differently so that my ""myuser"" user is able to access http://127.0.0.1:8001/-/permissions ?",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/2126/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed