https://authzed.com logo
Title
f

fierro

02/13/2023, 9:46 PM
is it a bad idea to model negative permissions? Imagine you have a flat hierarchy of objects (so you can't leverage some containerization/"folders" to manage access). You want to grant
nonadmin
users access to all objects in the hierarchy that currently exist and will exist except for a small set of "important" objects. Is it a terrible practice to do something like
definition widget {
     relation access: user
     relation noaccess: user

     permission perm_access = access - noaccess
}