# spicedb


02/10/2022, 1:25 PM
with regards to managing permissions through "teams", e.g "this role within this team, should have access to all orders related to the team", would it be correct to model the team as a resource, with each role being a relation, and then have the resource have a relation to the team, with a "global" permission on the team. E.g something like this
Copy code
definition user {}

definition team {
    relation account_manager: user
    relation sales_director: user
    relation member: user

    permission view_associated_orders = sales_director + account_manager

definition order {
    relation team: team

    permission view = unit->view_associated_orders