Hi!
Can anyone suggest how to implement the following functionality?
There are organizations, grades, departments and employees in my schema (https://play.authzed.com/s/WTS_myhEgBhn/schema).
I want to allow department heads to view their organization (ancestor) and applicable grades (sibling?).
If possible, I'd like to do it with few/no new relationships in the DB to simplify the code for updates (fewer relationships to delete/create); performance is not a priority as of now.
vroldanbet
03/15/2023, 9:49 AM
Hi, for some reason I answered but Discord decided not to deliver the message? Sorry about that.
fix
03/15/2023, 12:22 PM
Well, that's sad. Could you rewrite the main points from your answer?
I need to view a parent entity using the user's relation to its child, for showing the parent in the UI. Right now I'm thinking of group access (subject relation) or a schema with roles and bindings, like the one from your blog post about IAM (my system will have a predefined set of roles/permissions, users can have multiple roles), but I hope there is a simpler way.
Thanks! Yeah, that works out, but now I'm a bit concerned about managing users' authorities.
If you don't mind, could you tell me when it's preferable to use a role/user/binding model? As I said earlier, there will be multiple roles and inherited permissions, so maybe it's better to list all possible roles in one definition like here?
https://authzed.com/blog/google-cloud-iam-modeling/
vroldanbet
03/15/2023, 3:36 PM
You'd use that model when roles are user defined. If they are system defined, then I'd say don't bother.