Hi so if I wanted to give global access
# spicedb
e
Hi, so if I wanted to give global access to some resource, how do I do it? Let's say there are three entities: users, departments and documents. There are two kinds of users: normal users and managers. Departments have members and managers. Documents are also related to departments. Owners can edit documents. Managers can edit documents in their own department and can view any document in any department. Can someone please explain to me how to write the schema for this?
Also, I saw that there are endpoints to look up resources and subjects. Is there an endpoint or any way I can look up permissions as well? "Which permissions can subject X do in resource Y?"
a
To do global access, you usually have a "platform" object that everything ultimately rolls up to, and then grant access there. So if every document is related to a department, you could do document to department to platform. Then you can write a relation at the platform level which can be referenced in permissions transitively from the document through department.
Looks like authzed folks documented that in common patterns: https://authzed.com/docs/spicedb/concepts/schema#global-admin-permissions
j
> Is there an endpoint or any way I can look up permissions as well? "Which permissions can subject X do in resource Y?"

No. In our experience, there isn't a good use case for such an endpoint. If you're displaying permissions in UI, you generally need context on what the permissions mean, so using a CheckBulk with a predefined list is better. If you're using it to check if a user has a specific set of permissions, CheckBulk is also preferred, since you likely don't need all of them.
You can use the reflection APIs to get a full list of permissions and then send them to a CheckBulk, but again, unlikely to be useful.
e
Awesome, thanks.
Ohh, makes sense. Thanks.