Alek K

01/11/2023, 1:33 PM
Hi! I wander if there is a way to model a something like exclusive ownership. For example: There are 2 groups of clients (A and B). In case of client belongs to A etheir B group - it can be edited by users related to either A or B group. But in case of client belongs to both groups - it must be editable only for B-group users. Is it possible with pure ReBAC, or I need to wait for caveats?


01/11/2023, 4:53 PM
we have an exclusion operator, not sure if that's what you mean
definition group {
  relation member: user

definition user {


definition resource {
  relation a: group#member
  relation b: group#member

  permission editable: b + (a - b)