# spicedb


05/04/2022, 7:30 AM
I have a question in modelling permissions. Are there some best practices to model global permissions in spicedb? Lets say I have a video service and users have view access to some videos. Furthermore there are some people (but not all) that can flag videos but when they can, they can flag all videos that they can view. How to model this? An example could be
Copy code
definition user {}
definition root {
  relation video_flagger: user
definition video {
  relation root: root
  relation viewer: user
  permission view = viewer
  permission flag = viewer & root->video_flagger
I have the feeling that it should work but it feels weird to make a singleton resource type just for global permissions. Is this a good idea, why or why not?