https://authzed.com logo
Title
p

phroggyy

02/10/2022, 1:25 PM
with regards to managing permissions through "teams", e.g "this role within this team, should have access to all orders related to the team", would it be correct to model the team as a resource, with each role being a relation, and then have the resource have a relation to the team, with a "global" permission on the team. E.g something like this
definition user {}

definition team {
    relation account_manager: user
    relation sales_director: user
    relation member: user

    permission view_associated_orders = sales_director + account_manager
}

definition order {
    relation team: team

    permission view = unit->view_associated_orders
}