* I am trying to optimise for schema change here. I understand resource can't be user defined , so creating of new resource or adding permission to the resource will contribute to schema change. * I am adding permission to a group dynamically. inspired by this : https://authzed.com/blog/user-defined-roles/ * I am not able to contextualize the permission given to a user in a group. As in this example sumit should not have view permission on xyz template because xyz is not part of the group which has view permission. Is this possible to achieve when permission is dynamically added to a group? // // post_prasenjit_tutorial/group:vcs#member@post_prasenjit_tutorial/user:tanu // // post_prasenjit_tutorial/platform_permissions:mcp#template_update_group@post_prasenjit_tutorial/group:vcs // // post_prasenjit_tutorial/template:xyz#group@post_prasenjit_tutorial/group:vcs // // post_prasenjit_tutorial/template:xyz#permission_relation@post_prasenjit_tutorial/platform_permissions:mcp // // post_prasenjit_tutorial/group:wmd#member@post_prasenjit_tutorial/user:sumit // // post_prasenjit_tutorial/platform_permissions:mcp#template_view_group@post_prasenjit_tutorial/group:wmd // // post_prasenjit_tutorial/group:vcs#member@post_prasenjit_tutorial/user:sumit assertTrue: - "post_prasenjit_tutorial/template:xyz#update@post_prasenjit_tutorial/user:tanu" - "post_prasenjit_tutorial/template:xyz#update@post_prasenjit_tutorial/user:sumit" - "post_prasenjit_tutorial/template:xyz#view@post_prasenjit_tutorial/user:sumit"