11/18/2022, 6:54 PM
An organization has employees and managers. An employee has confidential and public data. An employee can view, edit and access his data. An employee's direct manager can view and access his/her confidential data. Anyone in the organization can view anyone's public data.

definition employee {
    relation direct_manager: employee
    permission access = direct_manager
}

definition confidential_employee_data {
    relation owner: employee
    permission own = owner
    // the owner, plus whoever holds `access` on the owner (the direct manager)
    permission access = owner + owner->access
}

definition public_employee_data {
    relation owner: employee
    // employee:* is a wildcard: any employee can be a viewer
    relation viewer: employee:*
    permission own = owner
    permission view = viewer
}

Test Relationships

confidential_employee_data:jake_address#owner@employee:jake
employee:jake#direct_manager@employee:jimmy
confidential_employee_data:david_address#owner@employee:david
employee:david#direct_manager@employee:peter
public_employee_data:david_name#viewer@employee:*
public_employee_data:peter_name#viewer@employee:*
public_employee_data:david_name#owner@employee:David