https://authzed.com logo
Title
y

yetitwo

08/10/2022, 7:11 PM
we're working on implementing "personas" in the context of spicedb and its schema. we chose to represent personas as a separate subject, and to define relations as potentially having either a user or persona subject:
definition site {
    relation accesses: user | persona
one of the constraints of personas is that a persona shouldn't grant access to an object that a user wouldn't otherwise have. the way we're currently approaching this is in calling logic, asking for
readPermissions
on both the persona and user and then returning the intersection of the results.