Joey
03/08/2022, 9:34 PMdefinition user {}
definition group {
relation member: user | group#member
permission membership = member
}
definition resource {
relation inherit: resource
relation reader: user | group#member
relation writer: user | group#member
relation noaccess: user
permission read = (reader + inherit->reader) - noaccess
permission write = (writer + inherit->writer) - noaccess
}