https://authzed.com logo
#spicedb
Title
# spicedb
j

jzelinskie

05/02/2022, 8:10 PM
You'd normally define something like that permission on the company/org itself rather than the entity that's being checked e.g.
Copy code
hs
definition user {}
definition organization {
  relation reader: user
  relation admin: user
  permission can_read_all_docs = reader + admin
}
definition doc {
  relation org: organization
  relation reader: user
  permission can_read = reader + org->can_read_all_docs // org-wide listers can also view all
}