Skip to main content

Documentation Index

Fetch the complete documentation index at: https://proxy-docs.permify.co/llms.txt

Use this file to discover all available pages before exploring further.

With Permify schema language, you can define recursive relationship-based permissions within the same entity. As an example, consider a system where there are multiple organizations within a company, some of which may have a parent-child relationship between them. As expected, organization members are also granted permission to view their organization details. You can model that as follows: 
entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.member
}
Let’s extend the scenario by adding a rule allowing parent organization members to view details of child organizations. Specifically, a member of Organization Alpha could view the details of Organization Beta if Organization Beta belongs to Organization Alpha. modeling-authorization First authorization schema that we provide won’t solve this issue because parent.member accommodate single upward traversal in a hierarchy. Instead of parent.member we can call the parent view permission on the same entity - parent.view to achieve multiple levels of upward traversal, as follows: 
entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.view
}
This way, we achieve a recursive relationship between parent-child organizations.
Credits to Léo for the illustration and for highlighting this use case.