https://authzed.com logo
#spicedb
Title
# spicedb
b

Bryan

12/04/2021, 3:17 AM
> Can you create different roles for the different groups of users or are they all user defined? I'm not 100% sure what this is asking. I should be more clear, we have two types of roles, system roles and custom roles. System roles are
read
,
write
,
admin
, etc. They a set of permissions which GitHub decides and they cannot be changed. Your playground is an excellent example of how we can model those. The difficult situations come with custom roles. Orgs can have custom roles, which are roles that represent a collection of permissions that the org admins can hand-pick. So if a user has the
write
role on a repo, I can follow your playground and make a
write
role a relation on the
repository
definition. But if a user has a custom role, it's trickier. I can't write it directly into the schema like
write
because I don't know the permissions the custom role allows. The custom role can have permissions dynamically added and removed at the org admins' discretion.