Schema design question stemming from patterns blog post

Question

fierro · Answer

given the example schema for the site wide super admin example

fierro · Answer

definition platform relation administrator user permission super admin = administrator definition organization relation platform platform permission admin = platform >super admin definition resource relation owner user | organization permission admin = owner + owner >admin definition user

fierro · Answer

question The ` >`operator is used to walk the hierarchy of relations to compute the `owner >admin` permission `owner` in this case is defined as `user | organization` My question is around whether this is a good practice or not when the subject as in this case is a comprised of multiple objects which may not all have that `admin` permission In this case there is no permission `admin` defined on `user` so the `owner >admin` computed permission really only applies to `organizations` but this modeling detail is not codified anywhere Seems weird potentially bad

Joey · Answer

its weird but functional

Joey · Answer

however if you expect all resources to have an org

Joey · Answer

I d recommend creating a distinct relation for it

Joey · Answer

`relation organization organization`

fierro · Answer

thx

fierro · Answer

I m still gathering data around what good schema design techniques implementations look like and this one threw me off

Joey · Answer

yeah generally you want distinct `relation` s unless they mean the same thing

Joey · Answer

in this case the organization isn t really the owner if a user is too

Joey · Answer

unless you also want to check if the org is `admin` too itself