Building on top of a conversation a couple days back with granting access to a category of data, what would be the correct approach? There was a previous discussion of having e.g

definition example/resourcetype {
    viewer: example/user
}

for example, but how should we think about resource types that have different actions/permissions