alex87

10/12/2022, 1:30 PM
I have a modelling question on role hierarchy. In my case there is a hierarchy of 1 to N roles, e.g. user -> manager -> senior manager -> chief manager -> .... It should be possible for each role to define that it should have the same permissions as all of the users below in the hierarchy, e.g. a manager can do everything that a user can do.

But: the depth (level) to go down in the hierarchy should be configurable, e.g. 1 level deep, 2 levels deep, all levels deep, ... For example, a chief manager can do everything that all users below can do, but only 2 levels deep.

I have modelled the role example with "all access, all levels deep", and this works, although I find it not ideal to pass through all the permissions from one role to another along the hierarchy. Maybe there is some better way, because if one permission is not passed through, the upper level in the hierarchy will miss the permission. But I currently do not see an easy way to make the depth/levels easily configurable. Any ideas?

schema:
definition user {
    relation manager: manager
    permission add_user_rights = manager->add_manager_rights
}

definition manager {
    relation user: user
    relation senior_manager: senior_manager
    permission add_manager_rights = senior_manager->add_senior_manager_rights + user
}

definition senior_manager {
    relation user: user
    relation chief_manager: chief_manager
    permission add_senior_manager_rights = chief_manager->user + user
}

definition chief_manager {
    relation user: user
}

definition user_details {
    relation user: user
    permission edit_user_details = user + user->add_user_rights
}
relations:
manager:max#user@user:max
user:mike#manager@manager:max
senior_manager:marco#user@user:marco
user_details:details_mike#user@user:mike
manager:max#senior_manager@senior_manager:marco
chief_manager:matthias#user@user:matthias
senior_manager:marco#chief_manager@chief_manager:matthias
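
An added example, not part of the original post and not SpiceDB code: a small Python model of the schema and relationships above that resolves `edit_user_details` and records how many `->` hops each user is away from the resource. The `SCHEMA` encoding, the `resolve` function and its `max_hops` parameter are assumptions of this sketch; the first hop goes from `user_details` to its `user`, so the direct manager sits at 2 hops.

```python
# Each permission is a list of terms: ("rel", relation) for a direct
# relation, ("arrow", relation, permission) for relation->permission.
SCHEMA = {
    ("user", "add_user_rights"): [("arrow", "manager", "add_manager_rights")],
    ("manager", "add_manager_rights"): [
        ("arrow", "senior_manager", "add_senior_manager_rights"), ("rel", "user")],
    ("senior_manager", "add_senior_manager_rights"): [
        ("arrow", "chief_manager", "user"), ("rel", "user")],
    ("user_details", "edit_user_details"): [
        ("rel", "user"), ("arrow", "user", "add_user_rights")],
}

# Relationships copied from the post: resource#relation@subject.
TUPLES = """
manager:max#user@user:max
user:mike#manager@manager:max
senior_manager:marco#user@user:marco
user_details:details_mike#user@user:mike
manager:max#senior_manager@senior_manager:marco
chief_manager:matthias#user@user:matthias
senior_manager:marco#chief_manager@chief_manager:matthias
""".split()

RELS = {}
for t in TUPLES:
    res, rest = t.split("#")
    rel, subj = rest.split("@")
    RELS.setdefault((res, rel), []).append(subj)

def resolve(obj, name, hops=0, max_hops=None, out=None):
    """Return {user: fewest arrow hops} for users holding `name` on `obj`."""
    out = {} if out is None else out
    otype = obj.split(":")[0]
    # A name with no permission entry is treated as a plain relation.
    for term in SCHEMA.get((otype, name), [("rel", name)]):
        if term[0] == "rel":
            for subj in RELS.get((obj, term[1]), []):
                out[subj] = min(hops, out.get(subj, hops))
        elif max_hops is None or hops < max_hops:
            # Follow the arrow only while the hop budget allows it.
            for subj in RELS.get((obj, term[1]), []):
                resolve(subj, term[2], hops + 1, max_hops, out)
    return out

if __name__ == "__main__":
    print(resolve("user_details:details_mike", "edit_user_details"))
    print(resolve("user_details:details_mike", "edit_user_details", max_hops=2))
```
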