https://authzed.com logo
Powered by
Title
s

Syebaurgh

10/21/2022, 6:27 PM
on the user-defined roles, say you have a user that wants to create a role but you want the user to only add permissions they themself have. 
definition location {
    relation administrator: user | role#member
    relation devices_viewer: user | role#member

    permission admin = administrator
    permission view_devices = devices_viewer + admin
}

definition role {
    relation member: user | role#member
}
so for example, the user has the 
administrator
relation with a location and wants to create a role with the 
view_devices
permission through the 
devices_viewer
relation, but since they don't have the 
devices_viewer
relationship but have the 
view_devices
permission, how do we check that the user can grant the role the 
view_devices
permission through the 
devices_viewer
relation which would ultimately grant the role the 
view_devices
permission?
#spicedbJoin Discord
Powered by