> definition folder { > relation parent: folder > relation reader : user | group#member > relation organization : organization > permission organization_member = organization->member > permission read= reader + parent->read & organization_member > > } > definition group{ > relation user: user > relation group: group#member > permission member = user + group->user > } > definition user{} > definition organization{ > relation reader: user | group#member > relation member: user | group#member > permission read = reader > }