Covey
03/05/2024, 11:12 AMusers
with a specific role within any organization
are granted read
permissions for product
? And what relations would I have to write to SpiceDB?
Here's the basic schema:
plaintext
definition user {}
definition organization {
relation some_role: user
}
definition product { ... }
I've considered two potential solutions:
1. Assign the reader
relation to product
directly from `organization#some_role`:
plaintext
definition product {
relation reader: organization#some_role
}
I would then establish a relationship from each product
to all users
with the specified role.
2. Create an org
relation within product
and define the read
permission based on the some_role
relation in `organization`:
plaintext
definition product {
relation org: organization
permission read = org->some_role
}
Subsequently, I would link every product
to every organization
.
---
Are there alternative methods to accomplish this?