Resource Specific Roles

Let’s modify the global roles schema to represent resource-specific roles. Basically we include a new file entity and define specific permissions for it. Here’s an updated version of the schema:

entity user {}

entity organization {
    // roles
    relation admin @user
    relation member @user
    relation manager @user
    relation agent @user
}

entity file {
    // file-specific relations
    relation owner @user
    relation org @organization
    relation vendor @vendor

    // file-specific permissions
    permission view = org.admin or org.manager or (org.member not org.agent) or owner
    permission edit = org.admin or org.manager or owner
    permission delete = org.admin or owner
}

entity vendor {
    // vendor-specific relations
    relation primary_contact @user
    relation org @organization
    
    // vendor-specific permissions
    permission manage = org.admin or org.agent
    permission view = org.admin or org.manager or org.agent or primary_contact
}

This model defines several entities and their relationships, permissions, and actions. Let’s break it down:

User Entity

This is a basic entity with no defined relations or permissions.

Organization Entity

Defines four roles: admin, member, manager, and agent.
These are represented as relations to the user entity.

File Entity

Relations

owner: relates to a user
org: relates to an organization
vendor: relates to a vendor

Permissions

view: granted to org admins, managers, members (excluding agents), or the file owner
edit: granted to org admins, managers, or the file owner
delete: granted to org admins or the file owner

Introduction

Getting Started

Modeling Guides

Setting Up

Operations

Integrations

Use Cases

Migration

User Entity

Organization Entity

File Entity

Relations

Permissions

Vendor Entity

Relations

Permissions

Introduction

Getting Started

Modeling Guides

Setting Up

Operations

Integrations

Use Cases

Migration

Documentation Index

​User Entity

​Organization Entity

​File Entity

​Relations

​Permissions

​Vendor Entity

​Relations

​Permissions

User Entity

Organization Entity

File Entity

Relations

Permissions

Vendor Entity

Relations

Permissions