https://authzed.com logo
#spicedb
Title
# spicedb
g

GMG-Christine

10/26/2022, 10:35 AM
Hi again, I came up with a different schema to implement our app modules. My idea is having the same ID for all modules and a module specific permission for each module. I think that will better suit our needs as we will have only a small number of modules and if we introduce new modules later, we just change the schema and that's it, without the need to migrate the folder relationships (as the ID will not change). However, it feels a bit like cheating as the ID will be the same. Any thoughts on whether this is a good idea or not are welcome. definition folder { relation reader: usergroup relation editor: usergroup // same module ID used for all modules relation shown_in_any_module: module // direct children only relation direct_child: folder permission edit = editor->member + organization->admin permission read_artifacts = reader->member + edit permission traversable = read_artifacts + direct_child->traversable // permissions for module A permission edit_in_a = edit & shown_in_any_module->a_user permission read_in_a = read_artifacts & shown_in_any_module->a_user permission traversable_in_a = traversable & shown_in_any_module->a_user // permissions for module B permission edit_in_b = edit & shown_in_any_module->b_user permission read_in_b = read_artifacts & shown_in_any_module->b_user permission traversable_in_b = traversable & shown_in_any_module->b_user } definition module { // module ID is identical for all modules, relation is specific for each module relation has_licence_for_a: user relation has_licence_for_b: user permission a_user = has_licence_for_a permission b_user = has_licence_for_b }
2 Views