erickhgm
02/03/2023, 12:40 PMdefinition user {}
definition course {
relation reader: user
relation writer: user
permission view = reader + writer
}
definition program {
relation reader: user
relation writer: user
permission view = reader + writer
}
We can have:
For alice user:
1. course:1#writer@user:alice
2. course:2#reader@user:alice
For alex user:
1. program:2#writer@user:alex
2. program:1#reader@user:alex
**Question**: How can I have a admin user who will be able to manage all resources?
This would be an application level permission. I only want to set/check if the user has a role (admin), without having to add a permission to each resource type as below:
course:*#writer@user:admin
and program:*#writer@user:admin