Here is my current schema:

definition user {}
// orgunit: an organisational unit that can be nested under a parent orgunit.
// member.view, loan_agreement.view and org_unit_document.view all resolve through this
// definition's `view` via their own `orgunit` relation.
definition orgunit {
// Parent unit; `parent->view` below lets anyone who can view the parent view this unit too.
relation parent: orgunit
// Users written directly on this unit.
relation employee: user
// The allowed subject is a subject relation: the `external_org` relation of a loan_agreement.
relation reader: loan_agreement#external_org
// view = direct employees + viewers of the parent + `view` reached through `reader`.
// A user who is not an employee here or on an ancestor reaches this permission only through a
// `reader` relationship written on this unit or on an ancestor.
// NOTE(review): in SpiceDB an arrow walks to the object of each subject and ignores the
// `#external_org` part, so `reader->view` evaluates loan_agreement's `view`
// (orgunit->view + external_org->view), not just the external org's employees; confirm that
// this breadth is intended.
// NOTE(review): loan_agreement.view itself includes orgunit->view, so an agreement that is both
// the `reader` of an orgunit and attached to that same orgunit forms a cycle in the data; verify
// how checks behave in that case.
permission view = employee + parent->view + reader->view
}
// member: a resource that hangs off an orgunit and can also carry `reader` subjects.
definition member {
// The orgunit this member belongs to; its viewers (including inherited ones) can view the member.
relation orgunit: orgunit
// The allowed subject is a subject relation: the `external_org` relation of a loan_agreement.
relation reader: loan_agreement#external_org
// view = everyone who can view the orgunit + `view` reached through `reader`.
// NOTE(review): an arrow ignores the `#external_org` part of the subject, so `reader->view`
// evaluates loan_agreement's `view` (orgunit->view + external_org->view). That grants the member
// to the agreement's own orgunit viewers as well as to the external org; confirm this is
// intended.
permission view = orgunit->view + reader->view
}
// external_org: an organisation that can be nested under a parent external_org.
definition external_org {
// Parent organisation; its viewers can also view this organisation via `parent->view`.
relation parent: external_org
// Users written directly on this external organisation.
relation employee: user
// view = direct employees + everyone who can view the parent external_org.
// Every permission that arrows into `external_org->view` (see loan_agreement) therefore also
// admits the employees of every ancestor organisation.
permission view = employee + parent->view
}
// loan_agreement: links an internal orgunit with an external_org.
definition loan_agreement {
// Internal organisational unit attached to the agreement.
relation orgunit: orgunit
// External organisation attached to the agreement; orgunit.reader and member.reader use this
// relation as their subject relation.
relation external_org: external_org
// view = viewers of the attached orgunit + viewers of the attached external_org.
// The `external_org->view` term is the path by which external_org employees reach the agreement
// and everything that derives its `view` from it (loan_document, and the `reader->view` arrows
// on orgunit and member).
permission view = orgunit->view + external_org->view
}
// loan_document: a document that belongs to a loan_agreement.
definition loan_document {
// The agreement this document is filed under.
relation loan_agreement: loan_agreement
// view is inherited from the agreement, with no direct grants on the document itself. Both the
// agreement's orgunit viewers and its external_org viewers can see the document.
permission view = loan_agreement->view
}
// member_document: a document that belongs to a member.
definition member_document {
// The member this document is filed under.
relation member: member
// view is inherited from the member, with no direct grants on the document itself. Anything
// admitted by member.view, including subjects reached through member's `reader->view` arrow,
// can see the document.
permission view = member->view
}
definition org_unit_document {
relation orgunit: orgunit
permission view = orgunit->view
}

The current problem is that an employee of an external_org is able to see loan_document and member_document, but not org_unit_document.