raffaelespazzoli
09/16/2022, 5:02 PMthing
, but not to a specific object id
4. (to keep it simple) the things
are related to groups
the resolution would be that if a user belongs to a group assigned to the thing and at the same time belongs to a role with the requested permission then they are allowed.
In my attempts to model this, I always end up with roles being assigned to a specific object id, making them non-reusable (i.e. multiple assigned need to be done to each object id, at which point groups become useless and users could be assigned directly to roles.