Hello! I have a modeling problem. In my case, there are documents with optional department. If the department is set, we only want the department member to access the doc; if not, the document is publicly accessible. I tried using wildcard for the latter case but got

wildcard relations cannot be used on the left side of arrows

. Can someone enlighten me how I can model this permission? My schema looks like this

definition user {
}

definition department {
    relation member: user
}

definition document {
  /* if no particular department is et, use wildcard */
  relation restricted_dept: department | department:*

  permission read = restricted_dept->member
}