_definitely_not_sam_
// Pseudo-schema for `object`, in what appears to be SpiceDB/Authzed schema syntax.
// Intended policy as written: `view` goes to admins of the linked org when no
// group is linked, and to members of the linked group otherwise (org admins
// are then not granted `view` by this expression).
// NOTE(review): `if group is null else` is not an operator of the SpiceDB schema
// language as far as I know (permissions compose with +, &, - and ->), so read
// this as a statement of intent rather than a loadable schema. Confirm against
// the schema compiler.
// NOTE(review): the decision depends on the ABSENCE of a `group` relationship.
// A deleted or never-written `group` relationship therefore moves `view` from
// group members to org admins, so writes to `group` are security-relevant.
// `admin` on org1 and `member` on group1 are defined outside this snippet.
definition object { relation org: org1 relation group: group1 permission view = org->admin if group is null else group->member }