Hi! I wander if there is a way to model a something like exclusive ownership.
For example:
There are 2 groups of clients (A and B).
In case of client belongs to A etheir B group - it can be edited by users related to either A or B group.
But in case of client belongs to both groups - it must be editable only for B-group users.
Is it possible with pure ReBAC, or I need to wait for caveats?
v
vroldanbet
01/11/2023, 4:53 PM
we have an exclusion operator, not sure if that's what you mean
definition group {
relation member: user
}
definition user {
}
definition resource {
relation a: group#member
relation b: group#member
permission editable: b + (a - b)
}