Hello 👋 , I’m evaluating SpiceDB as a solution fo...
# spicedb
Hello 👋 , I’m evaluating SpiceDB as a solution for us and have been trying to implement one of our more complicated authorization paths to get a feel for the product. I’m having difficulty with one part of the schema development that I was hoping someone could help clear up. For a little background, my company uses tokens for authentication and they have associated permissions with them (permissions are not necessarily tied to a specific user because it depends how the tokens are created, whether it’s a 3rd party token or not). I’ve tried to boil down the issue into a very generic and succinct schema below. Essentially the question is: How do I specify that the `resource`’s
permission is dependent on the `token`’s relation when there isn’t a link between them? To put in a different way, the resource is only allowed to be viewed if the `token`’s
is the owner and the
has that extra permission.
Copy code
definition user {}

definition extra_permission {}

definition token {
  relation user: user
  relation extra_perm: extra_permission

definition resource {
  relation owner: user
  permission view = owner + // how to put logic for <extra_permission> here?