https://authzed.com logo
Join Discord
Powered by
is there a way to grant a relation all
# spicedb
f
is there a way to grant a relation all the permissions granted to another relation in one schema line?
v
👋 I'm having difficulties to parse this. I'm going to try anyway 😅 You can use wildcards as a "killswitch" that can enable or disable features in your schema. e.g.
Copy code
`
definition resource {
  relation enabled: user:*
  relation reader: resource#enabled
  relation write: resource#enabled
  
  permission read = reader
  permission write = writer
}
of you can use it in a different way, like a feature flag:
Copy code
definition resource {
  relation read_enabled: user:*
  relation reader: user
  relation write_enabled: user:*
  relation write: user
  
  permission read = reader & read_enabled
  permission write = writer & write_enabled
}
`
not sure if this answers your question but hopefully provides some inspiration. If you don't mind reframing your requirements I can try again
f
yeah sorry for the lack of clarity if I have a simplified schema like
Copy code
definition resource {
  relation reader: user

  permission doA = reader
  permission doB = reader
  permission doC = reader
}
of arbitrary complexity, I was looking to see if there's a way to
Copy code
definition resource {
  relation reader: user
  relation readerPlusPlus: user [= based_on reader]

  permission doA = reader
  permission doB = reader
  permission doC = reader

  permission doE = readerPlusPlus
  # readerPlusPlus also has doA, doB, and doC because it's based on reader.
}
So kind of how you can write permissions as computed from eachother, but for relations
v
you can reference other relations: definition resource { relation reader: user relation readerPlusPlus: resource#reader permission doA = reader permission doB = reader permission doC = reader permission doE = readerPlusPlus # readerPlusPlus also has doA, doB, and doC because it's based on reader. }
it's one of Zanzibar powerful constructs. You can points to nodes, or edges in the graph
f
cool, thank you!
PreviousNext
Powered by