What would be an idiomatic way to represent that users can be deactivated and should lose permissions when that happens? I was initially thinking something like

definition user {}

definition org {
   relation active_member: user
}

definition document {
    relation org: org
    relation viewer: user | group#member

    permission view = org->active_member & viewer
}

The issue is that this stops working if we support sharing documents between orgs. I was thinking of having a global

platform

entity on which I could define the active users (similar to the super admin example), I’m just worried of the performance impact of potentially having millions of active users in the platform and having to use it in an intersection at almost every check