https://authzed.com logo
#spicedb
Title
# spicedb
c

csteinbe

11/29/2021, 3:32 PM
Hi! I'm on the GitHub team working on modeling our authz with spicedb, and had a question about "self" relationships. A resource can live under an organization or a user (think repos or packages). In order to see if a user can create a resource under an organization, it's simple to model it with a
member
check.
Copy code
definition github/organization {
  ...
  permission create_resource = membership
}
I'm looking at the user owned case, and want to limit creating resources owned by the user to the user only. Is there a
self
relationship available in the schema language? I'd like to be able to define:
Copy code
definition github/user {
  ...
  permission create_resource = self
And then have an assertion:
Copy code
assertTrue:
  - github/user:cjs#create_package@github/user:cjs
assertFalse:
  - github/user:cjs#create_package@github/user:rando
The alternative is to define a container that can be owned by a user (or org) that holds the
create_resource
permissions.