Hello I need to design a schema where the - users has permissions (read, write, edit,...) - users are assigned to organisation - cases are assigned to organisation - users can access cases whose organisation matches that of the user. - users have permissions like read, write, edit.... on cases that are in the same organisation. what I've modelled so far is: definition user{} definition permissionmatrix{ relation read : user relation write : user realtion edit : user } definition organisation{ relation user : user relation permissionmatrix: permissionmatrix permission read = user & permissionmatrix -> read permission write = user & permissionmatrix -> write } definition case{ relation organisation : organisation permission read = organisation -> read permission write = organisation -> write } idea is to be able to do permission check like: case-1:case#read@john:user Is the above schema the best way to model the relationship?