https://authzed.com logo
Title
s

Syebaurgh

10/21/2022, 6:27 PM
on the user-defined roles, say you have a user that wants to create a role but you want the user to only add permissions they themself have.
definition location {
    relation administrator: user | role#member
    relation devices_viewer: user | role#member

    permission admin = administrator
    permission view_devices = devices_viewer + admin
}

definition role {
    relation member: user | role#member
}
so for example, the user has the
administrator
relation with a location and wants to create a role with the
view_devices
permission through the
devices_viewer
relation, but since they don't have the
devices_viewer
relationship but have the
view_devices
permission, how do we check that the user can grant the role the
view_devices
permission through the
devices_viewer
relation which would ultimately grant the role the
view_devices
permission?